Debian Package Tracker

general

source: libgig (main)
version: 4.1.0~repack-2
maintainer: Debian Multimedia Maintainers (archive) [DMD]
uploaders: Alessio Treglia [DMD] – Jaromír Mikeš [DMD] [dm] – Paul Brossier [DMD] – Free Ekanayaka [DMD]
arch: all any
std-ver: 4.1.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.3.0-2
oldstable: 3.3.0-3
stable: 3.3.0-5
testing: 4.1.0~repack-2
unstable: 4.1.0~repack-2

versioned links

3.3.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.3.0-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.3.0-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.1.0~repack-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gigtools
libakai0
libgig-dev
libgig-doc
libgig8

action needed

11 security issues in sid high

There are 11 open security issues in sid.

11 important issues:

CVE-2018-14453: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store16 in helper.h.
CVE-2018-14449: An issue was discovered in libgig 4.1.0. There is an out of bounds read in gig::File::UpdateChunks in gig.cpp.
CVE-2018-14452: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "always assign the sample of the first dimension region of this region" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVE-2018-14454: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-14458: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store32 in helper.h.
CVE-2018-14456: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::SaveString in DLS.cpp.
CVE-2018-14451: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-14457: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::UpdateChunks in DLS.cpp.
CVE-2018-14459: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store16 in helper.h.
CVE-2018-14455: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store32 in helper.h.
CVE-2018-14450: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "update dimension region's chunks" feature of the function gig::Region::UpdateChunks in gig.cpp.

Please fix them.

Created: 2018-07-21 Last update: 2018-07-22 08:10

11 security issues in buster high

There are 11 open security issues in buster.

11 important issues:

CVE-2018-14453: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store16 in helper.h.
CVE-2018-14449: An issue was discovered in libgig 4.1.0. There is an out of bounds read in gig::File::UpdateChunks in gig.cpp.
CVE-2018-14452: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "always assign the sample of the first dimension region of this region" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVE-2018-14454: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-14458: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store32 in helper.h.
CVE-2018-14456: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::SaveString in DLS.cpp.
CVE-2018-14451: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-14457: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::UpdateChunks in DLS.cpp.
CVE-2018-14459: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store16 in helper.h.
CVE-2018-14455: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store32 in helper.h.
CVE-2018-14450: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "update dimension region's chunks" feature of the function gig::Region::UpdateChunks in gig.cpp.

Please fix them.

Created: 2018-07-21 Last update: 2018-07-22 08:10

16 security issues in jessie high

There are 16 open security issues in jessie.

11 important issues:

CVE-2018-14453: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store16 in helper.h.
CVE-2018-14449: An issue was discovered in libgig 4.1.0. There is an out of bounds read in gig::File::UpdateChunks in gig.cpp.
CVE-2018-14452: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "always assign the sample of the first dimension region of this region" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVE-2018-14454: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-14458: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store32 in helper.h.
CVE-2018-14456: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::SaveString in DLS.cpp.
CVE-2018-14451: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-14457: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::UpdateChunks in DLS.cpp.
CVE-2018-14459: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store16 in helper.h.
CVE-2018-14455: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store32 in helper.h.
CVE-2018-14450: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "update dimension region's chunks" feature of the function gig::Region::UpdateChunks in gig.cpp.

5 issues skipped by the security teams:

CVE-2017-12950: The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
CVE-2017-12952: The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
CVE-2017-12954: The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file.
CVE-2017-12951: The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted gig file.
CVE-2017-12953: The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file.

Please fix them.

Created: 2017-08-29 Last update: 2018-07-22 08:10

16 security issues in stretch high

There are 16 open security issues in stretch.

11 important issues:

CVE-2018-14453: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store16 in helper.h.
CVE-2018-14449: An issue was discovered in libgig 4.1.0. There is an out of bounds read in gig::File::UpdateChunks in gig.cpp.
CVE-2018-14452: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "always assign the sample of the first dimension region of this region" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVE-2018-14454: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-14458: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store32 in helper.h.
CVE-2018-14456: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::SaveString in DLS.cpp.
CVE-2018-14451: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-14457: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::UpdateChunks in DLS.cpp.
CVE-2018-14459: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store16 in helper.h.
CVE-2018-14455: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store32 in helper.h.
CVE-2018-14450: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "update dimension region's chunks" feature of the function gig::Region::UpdateChunks in gig.cpp.

5 issues skipped by the security teams:

CVE-2017-12950: The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
CVE-2017-12952: The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
CVE-2017-12954: The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file.
CVE-2017-12951: The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted gig file.
CVE-2017-12953: The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file.

Please fix them.

Created: 2017-08-29 Last update: 2018-07-22 08:10

lintian reports 5 warnings high

Lintian reports 5 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2016-04-26 Last update: 2018-04-16 07:55

Depends on packages which need a new maintainer normal

The packages that libgig depends on which need a new maintainer are:

libtool (#905994)
- Build-Depends: libtool

Created: 2018-08-13 Last update: 2018-08-16 02:15

3 new commits since last upload, time to release an update? normal

vcswatch reports that this package seems to have new commits in its VCS. You should consider updating the debian/changelog and uploading this new version into the archive.

The Vcs URL is using anonscm.debian.org. Please update it for the move to salsa.debian.org.

Created: 2018-02-20 Last update: 2018-07-03 15:58

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

libgig-doc could be marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2018-08-15 20:26

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2017-10-26 Last update: 2017-10-26 07:22

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.1.4 instead of 4.1.3).

Created: 2018-04-16 Last update: 2018-04-16 20:46

news

[rss feed]

[2018-01-09] libgig 4.1.0~repack-2 MIGRATED to testing (Debian testing watch)
[2018-01-03] Accepted libgig 4.1.0~repack-2 (source) into unstable (Jaromír Mikeš)
[2018-01-02] Accepted libgig 4.1.0~repack-1 (source amd64 all) into experimental, experimental (Jaromír Mikeš) (signed by: James Cowgill)
[2017-10-19] libgig 4.0.0-5 MIGRATED to testing (Debian testing watch)
[2017-10-13] Accepted libgig 4.0.0-5 (source amd64 all) into unstable (Jaromír Mikeš)
[2017-09-03] libgig 4.0.0-4 MIGRATED to testing (Debian testing watch)
[2017-08-29] Accepted libgig 4.0.0-4 (source) into unstable (Paul Brossier)
[2017-07-08] libgig 4.0.0-3 MIGRATED to testing (Debian testing watch)
[2017-07-03] Accepted libgig 4.0.0-3 (source amd64 all) into unstable (Jaromír Mikeš)
[2017-06-30] libgig 4.0.0-2 MIGRATED to testing (Debian testing watch)
[2017-06-25] Accepted libgig 4.0.0-2 (source amd64 all) into unstable (Jaromír Mikeš)
[2016-12-05] Accepted libgig 4.0.0-1 (source amd64 all) into experimental, experimental (Jaromír Mikeš) (signed by: James Cowgill)
[2015-09-07] libgig 3.3.0-5 MIGRATED to testing (Britney)
[2015-08-04] Accepted libgig 3.3.0-5 (source all) into unstable (Sebastian Ramacher)
[2015-07-29] Accepted libgig 3.3.0-4 (source amd64 all) into experimental, experimental (Sebastian Ramacher)
[2014-04-10] libgig 3.3.0-3 MIGRATED to testing (Debian testing watch)
[2014-04-04] Accepted libgig 3.3.0-3 (source amd64 all) (Paul Brossier)
[2011-02-20] libgig 3.3.0-2 MIGRATED to testing (Debian testing watch)
[2011-02-09] Accepted libgig 3.3.0-2 (source all amd64) (Alessio Treglia)
[2009-12-24] libgig 3.3.0-1 MIGRATED to testing (Debian testing watch)
[2009-12-13] Accepted libgig 3.3.0-1 (source all amd64) (Alessio Treglia) (signed by: Free Ekanayaka)
[2009-02-16] libgig 3.2.1-3+cvs080916 MIGRATED to testing (Debian testing watch)
[2008-09-17] Accepted libgig 3.2.1-3+cvs080916 (source amd64) (Free Ekanayaka)
[2008-09-16] Accepted libgig 3.2.1-2+cvs080916 (source amd64) (Free Ekanayaka)
[2008-04-02] libgig 3.2.1-1.1 MIGRATED to testing (Debian testing watch)
[2008-03-22] Accepted libgig 3.2.1-1.1 (source i386) (Moritz Muehlenhoff)
[2007-12-17] libgig 3.2.1-1 MIGRATED to testing (Debian testing watch)
[2007-12-06] Accepted libgig 3.2.1-1 (source amd64) (Free Ekanayaka)
[2007-10-28] libgig 3.2.0-0.1 MIGRATED to testing (Debian testing watch)
[2007-10-17] Accepted libgig 3.2.0-0.1 (source amd64) (Free Ekanayaka)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 5)
buildd: logs, checks, clang, reproducibility
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 4.1.0~repack-2