Debian Package Tracker
Register | Log in
Subscribe

golang-golang-x-image

supplementary Go image libraries

Choose email to subscribe with

general
  • source: golang-golang-x-image (main)
  • version: 0.18.0-1
  • maintainer: Debian Go Packaging Team (DMD)
  • uploaders: Dr. Tobias Quathamer [DMD] – Anthony Fok [DMD]
  • arch: all
  • std-ver: 4.7.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 0.0~git20190321.3fc05d4+really0.0~git20181116.cd38e80-1
  • oldstable: 0.0~git20200119.58c2397-1
  • old-bpo: 0.0~git20211028.6944b10-1~bpo11+1
  • stable: 0.5.0-1
  • testing: 0.18.0-1
  • unstable: 0.18.0-1
versioned links
  • 0.0~git20190321.3fc05d4+really0.0~git20181116.cd38e80-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.0~git20200119.58c2397-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.0~git20211028.6944b10-1~bpo11+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.5.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.18.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • golang-golang-x-image-dev
action needed
A new upstream version is available: 0.27.0 high
A new upstream version 0.27.0 is available, you should consider packaging it.
Created: 2024-06-06 Last update: 2025-05-15 11:59
4 security issues in buster high

There are 4 open security issues in buster.

1 important issue:
  • CVE-2024-24792: Parsing a corrupt or malicious image with invalid color indices can cause a panic.
3 issues postponed or untriaged:
  • CVE-2022-41727: (postponed; to be fixed through a stable update) An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.
  • CVE-2023-29407: (needs triaging) A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero.
  • CVE-2023-29408: (postponed; to be fixed through a stable update) The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encoded size) to make the decoder decode large amounts of compressed data, consuming excessive memory and CPU.
Created: 2024-06-28 Last update: 2024-06-28 15:00
lintian reports 3 warnings normal
Lintian reports 3 warnings about this package. You should make the package lintian clean getting rid of them.
Created: 2024-02-24 Last update: 2024-07-30 09:03
3 low-priority security issues in bookworm low

There are 3 open security issues in bookworm.

3 issues left for the package maintainer to handle:
  • CVE-2023-29407: (needs triaging) A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero.
  • CVE-2023-29408: (needs triaging) The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encoded size) to make the decoder decode large amounts of compressed data, consuming excessive memory and CPU.
  • CVE-2024-24792: (needs triaging) Parsing a corrupt or malicious image with invalid color indices can cause a panic.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-08-04 Last update: 2025-02-27 05:02
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.7.0).
Created: 2025-02-21 Last update: 2025-02-27 13:24
news
[rss feed]
  • [2024-08-12] golang-golang-x-image 0.18.0-1 MIGRATED to testing (Debian testing watch)
  • [2024-08-12] golang-golang-x-image 0.18.0-1 MIGRATED to testing (Debian testing watch)
  • [2024-08-10] Accepted golang-golang-x-image 0.18.0-1 (source) into unstable (Anthony Fok)
  • [2024-05-23] golang-golang-x-image 0.16.0-1 MIGRATED to testing (Debian testing watch)
  • [2024-05-21] Accepted golang-golang-x-image 0.16.0-1 (source) into unstable (Anthony Fok)
  • [2024-02-26] golang-golang-x-image 0.15.0-1 MIGRATED to testing (Debian testing watch)
  • [2024-02-24] Accepted golang-golang-x-image 0.15.0-1 (source) into unstable (Anthony Fok)
  • [2023-12-11] golang-golang-x-image 0.14.0-1 MIGRATED to testing (Debian testing watch)
  • [2023-12-08] Accepted golang-golang-x-image 0.14.0-1 (source) into unstable (Anthony Fok)
  • [2023-11-03] golang-golang-x-image 0.13.0-1 MIGRATED to testing (Debian testing watch)
  • [2023-11-01] Accepted golang-golang-x-image 0.13.0-1 (source) into unstable (Anthony Fok)
  • [2023-10-15] golang-golang-x-image 0.12.0-1 MIGRATED to testing (Debian testing watch)
  • [2023-10-12] Accepted golang-golang-x-image 0.12.0-1 (source) into unstable (Anthony Fok)
  • [2023-10-10] Accepted golang-golang-x-image 0.11.0-1 (source) into unstable (Anthony Fok)
  • [2023-10-09] Accepted golang-golang-x-image 0.9.0-1 (source) into unstable (Anthony Fok)
  • [2023-09-23] golang-golang-x-image 0.8.0-1 MIGRATED to testing (Debian testing watch)
  • [2023-09-21] Accepted golang-golang-x-image 0.8.0-1 (source) into unstable (Anthony Fok)
  • [2023-07-01] golang-golang-x-image 0.7.0-1 MIGRATED to testing (Debian testing watch)
  • [2023-06-29] Accepted golang-golang-x-image 0.7.0-1 (source) into unstable (Anthony Fok)
  • [2023-02-25] golang-golang-x-image 0.5.0-1 MIGRATED to testing (Debian testing watch)
  • [2023-02-15] Accepted golang-golang-x-image 0.5.0-1 (source) into unstable (Shengjing Zhu)
  • [2023-01-05] golang-golang-x-image 0.2.0-1 MIGRATED to testing (Debian testing watch)
  • [2023-01-02] Accepted golang-golang-x-image 0.2.0-1 (source) into unstable (Shengjing Zhu)
  • [2022-10-28] golang-golang-x-image 0.1.0-1 MIGRATED to testing (Debian testing watch)
  • [2022-10-26] Accepted golang-golang-x-image 0.1.0-1 (source) into unstable (Shengjing Zhu)
  • [2021-12-18] golang-golang-x-image 0.0~git20211028.6944b10-1 MIGRATED to testing (Debian testing watch)
  • [2021-12-16] Accepted golang-golang-x-image 0.0~git20211028.6944b10-1 (source) into unstable (Anthony Fok)
  • [2021-10-15] golang-golang-x-image 0.0~git20210628.a66eb64-1 MIGRATED to testing (Debian testing watch)
  • [2021-10-12] Accepted golang-golang-x-image 0.0~git20210628.a66eb64-1 (source) into unstable (Anthony Fok)
  • [2020-12-08] Accepted golang-golang-x-image 0.0~git20200119.58c2397-1~bpo10+1 (source all) into buster-backports, buster-backports (Debian FTP Masters) (signed by: Anthony Fok)
  • 1
  • 2
bugs [bug history graph]
  • all: 0
links
  • homepage
  • lintian (0, 3)
  • buildd: logs, reproducibility
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 0.18.0-1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing