golang-golang-x-image - Debian Package Tracker

general

source: golang-golang-x-image (main)
version: 0.18.0-1
maintainer: Debian Go Packaging Team (DMD)
uploaders: Dr. Tobias Quathamer [DMD] – Anthony Fok [DMD]
arch: all
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.0~git20190321.3fc05d4+really0.0~git20181116.cd38e80-1
oldstable: 0.0~git20200119.58c2397-1
old-bpo: 0.0~git20211028.6944b10-1~bpo11+1
stable: 0.5.0-1
testing: 0.18.0-1
unstable: 0.18.0-1

versioned links

0.0~git20190321.3fc05d4+really0.0~git20181116.cd38e80-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.0~git20200119.58c2397-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.0~git20211028.6944b10-1~bpo11+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.5.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.18.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

golang-golang-x-image-dev

action needed

A new upstream version is available: 0.27.0 high

A new upstream version 0.27.0 is available, you should consider packaging it.

Created: 2024-06-06 Last update: 2025-05-15 11:59

4 security issues in buster high

There are 4 open security issues in buster.

1 important issue:

CVE-2024-24792: Parsing a corrupt or malicious image with invalid color indices can cause a panic.

3 issues postponed or untriaged:

CVE-2022-41727: (postponed; to be fixed through a stable update) An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.
CVE-2023-29407: (needs triaging) A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero.
CVE-2023-29408: (postponed; to be fixed through a stable update) The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encoded size) to make the decoder decode large amounts of compressed data, consuming excessive memory and CPU.

Created: 2024-06-28 Last update: 2024-06-28 15:00

lintian reports 3 warnings normal

Lintian reports 3 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2024-02-24 Last update: 2024-07-30 09:03

3 low-priority security issues in bookworm low

There are 3 open security issues in bookworm.

3 issues left for the package maintainer to handle:

CVE-2023-29407: (needs triaging) A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero.
CVE-2023-29408: (needs triaging) The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encoded size) to make the decoder decode large amounts of compressed data, consuming excessive memory and CPU.
CVE-2024-24792: (needs triaging) Parsing a corrupt or malicious image with invalid color indices can cause a panic.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-08-04 Last update: 2025-02-27 05:02

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.7.0).

Created: 2025-02-21 Last update: 2025-02-27 13:24

news

[rss feed]

[2024-08-12] golang-golang-x-image 0.18.0-1 MIGRATED to testing (Debian testing watch)
[2024-08-12] golang-golang-x-image 0.18.0-1 MIGRATED to testing (Debian testing watch)
[2024-08-10] Accepted golang-golang-x-image 0.18.0-1 (source) into unstable (Anthony Fok)
[2024-05-23] golang-golang-x-image 0.16.0-1 MIGRATED to testing (Debian testing watch)
[2024-05-21] Accepted golang-golang-x-image 0.16.0-1 (source) into unstable (Anthony Fok)
[2024-02-26] golang-golang-x-image 0.15.0-1 MIGRATED to testing (Debian testing watch)
[2024-02-24] Accepted golang-golang-x-image 0.15.0-1 (source) into unstable (Anthony Fok)
[2023-12-11] golang-golang-x-image 0.14.0-1 MIGRATED to testing (Debian testing watch)
[2023-12-08] Accepted golang-golang-x-image 0.14.0-1 (source) into unstable (Anthony Fok)
[2023-11-03] golang-golang-x-image 0.13.0-1 MIGRATED to testing (Debian testing watch)
[2023-11-01] Accepted golang-golang-x-image 0.13.0-1 (source) into unstable (Anthony Fok)
[2023-10-15] golang-golang-x-image 0.12.0-1 MIGRATED to testing (Debian testing watch)
[2023-10-12] Accepted golang-golang-x-image 0.12.0-1 (source) into unstable (Anthony Fok)
[2023-10-10] Accepted golang-golang-x-image 0.11.0-1 (source) into unstable (Anthony Fok)
[2023-10-09] Accepted golang-golang-x-image 0.9.0-1 (source) into unstable (Anthony Fok)
[2023-09-23] golang-golang-x-image 0.8.0-1 MIGRATED to testing (Debian testing watch)
[2023-09-21] Accepted golang-golang-x-image 0.8.0-1 (source) into unstable (Anthony Fok)
[2023-07-01] golang-golang-x-image 0.7.0-1 MIGRATED to testing (Debian testing watch)
[2023-06-29] Accepted golang-golang-x-image 0.7.0-1 (source) into unstable (Anthony Fok)
[2023-02-25] golang-golang-x-image 0.5.0-1 MIGRATED to testing (Debian testing watch)
[2023-02-15] Accepted golang-golang-x-image 0.5.0-1 (source) into unstable (Shengjing Zhu)
[2023-01-05] golang-golang-x-image 0.2.0-1 MIGRATED to testing (Debian testing watch)
[2023-01-02] Accepted golang-golang-x-image 0.2.0-1 (source) into unstable (Shengjing Zhu)
[2022-10-28] golang-golang-x-image 0.1.0-1 MIGRATED to testing (Debian testing watch)
[2022-10-26] Accepted golang-golang-x-image 0.1.0-1 (source) into unstable (Shengjing Zhu)
[2021-12-18] golang-golang-x-image 0.0~git20211028.6944b10-1 MIGRATED to testing (Debian testing watch)
[2021-12-16] Accepted golang-golang-x-image 0.0~git20211028.6944b10-1 (source) into unstable (Anthony Fok)
[2021-10-15] golang-golang-x-image 0.0~git20210628.a66eb64-1 MIGRATED to testing (Debian testing watch)
[2021-10-12] Accepted golang-golang-x-image 0.0~git20210628.a66eb64-1 (source) into unstable (Anthony Fok)
[2020-12-08] Accepted golang-golang-x-image 0.0~git20200119.58c2397-1~bpo10+1 (source all) into buster-backports, buster-backports (Debian FTP Masters) (signed by: Anthony Fok)

bugs [bug history graph]

all: 0

links

homepage
lintian (0, 3)
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.18.0-1