Debian Package Tracker

general

source: libgig (main)
version: 4.1.0~repack-2
maintainer: Debian Multimedia Maintainers (archive) [DMD]
uploaders: Alessio Treglia [DMD] – Jaromír Mikeš [DMD] [dm] – Paul Brossier [DMD] – Free Ekanayaka [DMD]
arch: all any
std-ver: 4.1.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.3.0-2
oldstable: 3.3.0-3
stable: 3.3.0-5
testing: 4.1.0~repack-2
unstable: 4.1.0~repack-2

versioned links

3.3.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.3.0-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.3.0-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.1.0~repack-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gigtools
libakai0
libgig-dev
libgig-doc
libgig8

action needed

17 security issues in buster high

There are 17 open security issues in buster.

17 important issues:

CVE-2018-14452: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "always assign the sample of the first dimension region of this region" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVE-2018-14458: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store32 in helper.h.
CVE-2018-14453: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store16 in helper.h.
CVE-2018-14459: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store16 in helper.h.
CVE-2018-18197: An issue was discovered in libgig 4.1.0. There is an operator new[] failure (due to a big pSampleLoops heap request) in DLS::Sampler::Sampler in DLS.cpp.
CVE-2018-18194: An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in DLS::Region::GetSample() in DLS.cpp.
CVE-2018-14456: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::SaveString in DLS.cpp.
CVE-2018-14457: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::UpdateChunks in DLS.cpp.
CVE-2018-18192: An issue was discovered in libgig 4.1.0. There is a NULL pointer dereference in the function DLS::File::GetFirstSample() in DLS.cpp.
CVE-2018-14454: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-14455: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store32 in helper.h.
CVE-2018-14449: An issue was discovered in libgig 4.1.0. There is an out of bounds read in gig::File::UpdateChunks in gig.cpp.
CVE-2018-18195: An issue discovered in libgig 4.1.0. There is an FPE (divide-by-zero error) in DLS::Sample::Sample in DLS.cpp.
CVE-2018-14451: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-18193: An issue was discovered in libgig 4.1.0. There is operator new[] failure (due to a big pWavePoolTable heap request) in DLS::File::File in DLS.cpp.
CVE-2018-14450: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "update dimension region's chunks" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVE-2018-18196: An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in RIFF::List::GetListTypeString in RIFF.cpp.

Please fix them.

Created: 2018-07-21 Last update: 2018-10-11 08:01

22 security issues in jessie high

There are 22 open security issues in jessie.

17 important issues:

CVE-2018-14452: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "always assign the sample of the first dimension region of this region" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVE-2018-14458: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store32 in helper.h.
CVE-2018-14453: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store16 in helper.h.
CVE-2018-14459: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store16 in helper.h.
CVE-2018-18197: An issue was discovered in libgig 4.1.0. There is an operator new[] failure (due to a big pSampleLoops heap request) in DLS::Sampler::Sampler in DLS.cpp.
CVE-2018-18194: An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in DLS::Region::GetSample() in DLS.cpp.
CVE-2018-14456: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::SaveString in DLS.cpp.
CVE-2018-14457: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::UpdateChunks in DLS.cpp.
CVE-2018-18192: An issue was discovered in libgig 4.1.0. There is a NULL pointer dereference in the function DLS::File::GetFirstSample() in DLS.cpp.
CVE-2018-14454: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-14455: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store32 in helper.h.
CVE-2018-14449: An issue was discovered in libgig 4.1.0. There is an out of bounds read in gig::File::UpdateChunks in gig.cpp.
CVE-2018-18195: An issue discovered in libgig 4.1.0. There is an FPE (divide-by-zero error) in DLS::Sample::Sample in DLS.cpp.
CVE-2018-14451: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-18193: An issue was discovered in libgig 4.1.0. There is operator new[] failure (due to a big pWavePoolTable heap request) in DLS::File::File in DLS.cpp.
CVE-2018-14450: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "update dimension region's chunks" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVE-2018-18196: An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in RIFF::List::GetListTypeString in RIFF.cpp.

5 issues skipped by the security teams:

CVE-2017-12952: The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
CVE-2017-12953: The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file.
CVE-2017-12954: The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file.
CVE-2017-12950: The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
CVE-2017-12951: The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted gig file.

Please fix them.

Created: 2017-08-29 Last update: 2018-10-11 08:01

17 security issues in sid high

There are 17 open security issues in sid.

17 important issues:

CVE-2018-14452: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "always assign the sample of the first dimension region of this region" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVE-2018-14458: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store32 in helper.h.
CVE-2018-14453: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store16 in helper.h.
CVE-2018-14459: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store16 in helper.h.
CVE-2018-18197: An issue was discovered in libgig 4.1.0. There is an operator new[] failure (due to a big pSampleLoops heap request) in DLS::Sampler::Sampler in DLS.cpp.
CVE-2018-18194: An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in DLS::Region::GetSample() in DLS.cpp.
CVE-2018-14456: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::SaveString in DLS.cpp.
CVE-2018-14457: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::UpdateChunks in DLS.cpp.
CVE-2018-18192: An issue was discovered in libgig 4.1.0. There is a NULL pointer dereference in the function DLS::File::GetFirstSample() in DLS.cpp.
CVE-2018-14454: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-14455: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store32 in helper.h.
CVE-2018-14449: An issue was discovered in libgig 4.1.0. There is an out of bounds read in gig::File::UpdateChunks in gig.cpp.
CVE-2018-18195: An issue discovered in libgig 4.1.0. There is an FPE (divide-by-zero error) in DLS::Sample::Sample in DLS.cpp.
CVE-2018-14451: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-18193: An issue was discovered in libgig 4.1.0. There is operator new[] failure (due to a big pWavePoolTable heap request) in DLS::File::File in DLS.cpp.
CVE-2018-14450: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "update dimension region's chunks" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVE-2018-18196: An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in RIFF::List::GetListTypeString in RIFF.cpp.

Please fix them.

Created: 2018-07-21 Last update: 2018-10-11 08:01

22 security issues in stretch high

There are 22 open security issues in stretch.

17 important issues:

CVE-2018-14452: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "always assign the sample of the first dimension region of this region" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVE-2018-14458: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store32 in helper.h.
CVE-2018-14453: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store16 in helper.h.
CVE-2018-14459: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store16 in helper.h.
CVE-2018-18197: An issue was discovered in libgig 4.1.0. There is an operator new[] failure (due to a big pSampleLoops heap request) in DLS::Sampler::Sampler in DLS.cpp.
CVE-2018-18194: An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in DLS::Region::GetSample() in DLS.cpp.
CVE-2018-14456: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::SaveString in DLS.cpp.
CVE-2018-14457: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::UpdateChunks in DLS.cpp.
CVE-2018-18192: An issue was discovered in libgig 4.1.0. There is a NULL pointer dereference in the function DLS::File::GetFirstSample() in DLS.cpp.
CVE-2018-14454: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-14455: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store32 in helper.h.
CVE-2018-14449: An issue was discovered in libgig 4.1.0. There is an out of bounds read in gig::File::UpdateChunks in gig.cpp.
CVE-2018-18195: An issue discovered in libgig 4.1.0. There is an FPE (divide-by-zero error) in DLS::Sample::Sample in DLS.cpp.
CVE-2018-14451: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-18193: An issue was discovered in libgig 4.1.0. There is operator new[] failure (due to a big pWavePoolTable heap request) in DLS::File::File in DLS.cpp.
CVE-2018-14450: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "update dimension region's chunks" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVE-2018-18196: An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in RIFF::List::GetListTypeString in RIFF.cpp.

5 issues skipped by the security teams:

CVE-2017-12952: The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
CVE-2017-12953: The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file.
CVE-2017-12954: The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file.
CVE-2017-12950: The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
CVE-2017-12951: The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted gig file.

Please fix them.

Created: 2017-08-29 Last update: 2018-10-11 08:01

lintian reports 5 warnings high

Lintian reports 5 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2016-04-26 Last update: 2018-09-12 08:19

Depends on packages which need a new maintainer normal

The packages that libgig depends on which need a new maintainer are:

doxygen (#888580)
- Build-Depends: doxygen

Created: 2018-10-12 Last update: 2018-10-21 11:40

3 new commits since last upload, time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit d7530bf518185886ffa67d56df223805af234766
Author: Felipe Sateler <fsateler@debian.org>
Date:   Mon Apr 16 13:54:48 2018 -0300

    Change maintainer address to debian-multimedia@lists.debian.org

commit cd3b3abfd8d54f1db87f8ab28686ec9e5d58e11f
Author: Ondřej Nový <onovy@debian.org>
Date:   Mon Feb 19 10:15:42 2018 +0100

    d/control: Set Vcs-* to salsa.debian.org

commit c9758a12845dc89d5dba37588d20ecf9a5cd7e68
Author: Ondřej Nový <onovy@debian.org>
Date:   Mon Feb 19 10:15:41 2018 +0100

    d/copyright: Use https protocol in Format field

The Vcs URL is using anonscm.debian.org. Please update it for the move to salsa.debian.org.

Created: 2018-02-20 Last update: 2018-10-21 08:07

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

libgig-doc could be marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2018-10-21 11:14

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2017-10-26 Last update: 2017-10-26 07:22

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.2.1 instead of 4.1.3).

Created: 2018-04-16 Last update: 2018-08-26 08:16

news

[rss feed]

[2018-01-09] libgig 4.1.0~repack-2 MIGRATED to testing (Debian testing watch)
[2018-01-03] Accepted libgig 4.1.0~repack-2 (source) into unstable (Jaromír Mikeš)
[2018-01-02] Accepted libgig 4.1.0~repack-1 (source amd64 all) into experimental, experimental (Jaromír Mikeš) (signed by: James Cowgill)
[2017-10-19] libgig 4.0.0-5 MIGRATED to testing (Debian testing watch)
[2017-10-13] Accepted libgig 4.0.0-5 (source amd64 all) into unstable (Jaromír Mikeš)
[2017-09-03] libgig 4.0.0-4 MIGRATED to testing (Debian testing watch)
[2017-08-29] Accepted libgig 4.0.0-4 (source) into unstable (Paul Brossier)
[2017-07-08] libgig 4.0.0-3 MIGRATED to testing (Debian testing watch)
[2017-07-03] Accepted libgig 4.0.0-3 (source amd64 all) into unstable (Jaromír Mikeš)
[2017-06-30] libgig 4.0.0-2 MIGRATED to testing (Debian testing watch)
[2017-06-25] Accepted libgig 4.0.0-2 (source amd64 all) into unstable (Jaromír Mikeš)
[2016-12-05] Accepted libgig 4.0.0-1 (source amd64 all) into experimental, experimental (Jaromír Mikeš) (signed by: James Cowgill)
[2015-09-07] libgig 3.3.0-5 MIGRATED to testing (Britney)
[2015-08-04] Accepted libgig 3.3.0-5 (source all) into unstable (Sebastian Ramacher)
[2015-07-29] Accepted libgig 3.3.0-4 (source amd64 all) into experimental, experimental (Sebastian Ramacher)
[2014-04-10] libgig 3.3.0-3 MIGRATED to testing (Debian testing watch)
[2014-04-04] Accepted libgig 3.3.0-3 (source amd64 all) (Paul Brossier)
[2011-02-20] libgig 3.3.0-2 MIGRATED to testing (Debian testing watch)
[2011-02-09] Accepted libgig 3.3.0-2 (source all amd64) (Alessio Treglia)
[2009-12-24] libgig 3.3.0-1 MIGRATED to testing (Debian testing watch)
[2009-12-13] Accepted libgig 3.3.0-1 (source all amd64) (Alessio Treglia) (signed by: Free Ekanayaka)
[2009-02-16] libgig 3.2.1-3+cvs080916 MIGRATED to testing (Debian testing watch)
[2008-09-17] Accepted libgig 3.2.1-3+cvs080916 (source amd64) (Free Ekanayaka)
[2008-09-16] Accepted libgig 3.2.1-2+cvs080916 (source amd64) (Free Ekanayaka)
[2008-04-02] libgig 3.2.1-1.1 MIGRATED to testing (Debian testing watch)
[2008-03-22] Accepted libgig 3.2.1-1.1 (source i386) (Moritz Muehlenhoff)
[2007-12-17] libgig 3.2.1-1 MIGRATED to testing (Debian testing watch)
[2007-12-06] Accepted libgig 3.2.1-1 (source amd64) (Free Ekanayaka)
[2007-10-28] libgig 3.2.0-0.1 MIGRATED to testing (Debian testing watch)
[2007-10-17] Accepted libgig 3.2.0-0.1 (source amd64) (Free Ekanayaka)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 5)
buildd: logs, checks, clang, reproducibility
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 4.1.0~repack-2