Debian Package Tracker

general

source: libgig (main)
version: 4.2.0~ds1-2
maintainer: Debian Multimedia Maintainers (archive) (DMD)
uploaders: Paul Brossier [DMD] – Free Ekanayaka [DMD] – Alessio Treglia [DMD] – Jaromír Mikeš [DMD] [DM]
arch: all any
std-ver: 4.4.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.3.0-3
oldstable: 3.3.0-5
stable: 4.1.0~repack-2
testing: 4.2.0~ds1-2
unstable: 4.2.0~ds1-2

versioned links

3.3.0-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.3.0-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.1.0~repack-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.2.0~ds1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gigtools
libakai0
libgig-dev
libgig-doc
libgig9

action needed

17 security issues in buster high

There are 17 open security issues in buster.

17 important issues:

CVE-2018-14457: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::UpdateChunks in DLS.cpp.
CVE-2018-14456: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::SaveString in DLS.cpp.
CVE-2018-14455: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store32 in helper.h.
CVE-2018-14454: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-14453: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store16 in helper.h.
CVE-2018-14452: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "always assign the sample of the first dimension region of this region" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVE-2018-14451: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-14450: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "update dimension region's chunks" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVE-2018-14459: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store16 in helper.h.
CVE-2018-14458: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store32 in helper.h.
CVE-2018-18196: An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in RIFF::List::GetListTypeString in RIFF.cpp.
CVE-2018-18197: An issue was discovered in libgig 4.1.0. There is an operator new[] failure (due to a big pSampleLoops heap request) in DLS::Sampler::Sampler in DLS.cpp.
CVE-2018-18194: An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in DLS::Region::GetSample() in DLS.cpp.
CVE-2018-18195: An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-zero error) in DLS::Sample::Sample in DLS.cpp.
CVE-2018-18192: An issue was discovered in libgig 4.1.0. There is a NULL pointer dereference in the function DLS::File::GetFirstSample() in DLS.cpp.
CVE-2018-18193: An issue was discovered in libgig 4.1.0. There is operator new[] failure (due to a big pWavePoolTable heap request) in DLS::File::File in DLS.cpp.
CVE-2018-14449: An issue was discovered in libgig 4.1.0. There is an out of bounds read in gig::File::UpdateChunks in gig.cpp.

Please fix them.

Created: 2018-07-21 Last update: 2019-11-10 20:06

17 security issues in bullseye high

There are 17 open security issues in bullseye.

17 important issues:

CVE-2018-14457: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::UpdateChunks in DLS.cpp.
CVE-2018-14456: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::SaveString in DLS.cpp.
CVE-2018-14455: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store32 in helper.h.
CVE-2018-14454: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-14453: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store16 in helper.h.
CVE-2018-14452: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "always assign the sample of the first dimension region of this region" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVE-2018-14451: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-14450: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "update dimension region's chunks" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVE-2018-14459: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store16 in helper.h.
CVE-2018-14458: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store32 in helper.h.
CVE-2018-18196: An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in RIFF::List::GetListTypeString in RIFF.cpp.
CVE-2018-18197: An issue was discovered in libgig 4.1.0. There is an operator new[] failure (due to a big pSampleLoops heap request) in DLS::Sampler::Sampler in DLS.cpp.
CVE-2018-18194: An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in DLS::Region::GetSample() in DLS.cpp.
CVE-2018-18195: An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-zero error) in DLS::Sample::Sample in DLS.cpp.
CVE-2018-18192: An issue was discovered in libgig 4.1.0. There is a NULL pointer dereference in the function DLS::File::GetFirstSample() in DLS.cpp.
CVE-2018-18193: An issue was discovered in libgig 4.1.0. There is operator new[] failure (due to a big pWavePoolTable heap request) in DLS::File::File in DLS.cpp.
CVE-2018-14449: An issue was discovered in libgig 4.1.0. There is an out of bounds read in gig::File::UpdateChunks in gig.cpp.

Please fix them.

Created: 2019-07-07 Last update: 2019-11-10 20:06

17 security issues in sid high

There are 17 open security issues in sid.

17 important issues:

CVE-2018-14457: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::UpdateChunks in DLS.cpp.
CVE-2018-14456: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::SaveString in DLS.cpp.
CVE-2018-14455: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store32 in helper.h.
CVE-2018-14454: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-14453: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store16 in helper.h.
CVE-2018-14452: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "always assign the sample of the first dimension region of this region" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVE-2018-14451: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-14450: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "update dimension region's chunks" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVE-2018-14459: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store16 in helper.h.
CVE-2018-14458: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store32 in helper.h.
CVE-2018-18196: An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in RIFF::List::GetListTypeString in RIFF.cpp.
CVE-2018-18197: An issue was discovered in libgig 4.1.0. There is an operator new[] failure (due to a big pSampleLoops heap request) in DLS::Sampler::Sampler in DLS.cpp.
CVE-2018-18194: An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in DLS::Region::GetSample() in DLS.cpp.
CVE-2018-18195: An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-zero error) in DLS::Sample::Sample in DLS.cpp.
CVE-2018-18192: An issue was discovered in libgig 4.1.0. There is a NULL pointer dereference in the function DLS::File::GetFirstSample() in DLS.cpp.
CVE-2018-18193: An issue was discovered in libgig 4.1.0. There is operator new[] failure (due to a big pWavePoolTable heap request) in DLS::File::File in DLS.cpp.
CVE-2018-14449: An issue was discovered in libgig 4.1.0. There is an out of bounds read in gig::File::UpdateChunks in gig.cpp.

Please fix them.

Created: 2018-07-21 Last update: 2019-11-10 20:06

22 security issues in stretch high

There are 22 open security issues in stretch.

17 important issues:

CVE-2018-14457: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::UpdateChunks in DLS.cpp.
CVE-2018-14456: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::SaveString in DLS.cpp.
CVE-2018-14455: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store32 in helper.h.
CVE-2018-14454: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-14453: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store16 in helper.h.
CVE-2018-14452: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "always assign the sample of the first dimension region of this region" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVE-2018-14451: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-14450: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "update dimension region's chunks" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVE-2018-14459: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store16 in helper.h.
CVE-2018-14458: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store32 in helper.h.
CVE-2018-18196: An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in RIFF::List::GetListTypeString in RIFF.cpp.
CVE-2018-18197: An issue was discovered in libgig 4.1.0. There is an operator new[] failure (due to a big pSampleLoops heap request) in DLS::Sampler::Sampler in DLS.cpp.
CVE-2018-18194: An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in DLS::Region::GetSample() in DLS.cpp.
CVE-2018-18195: An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-zero error) in DLS::Sample::Sample in DLS.cpp.
CVE-2018-18192: An issue was discovered in libgig 4.1.0. There is a NULL pointer dereference in the function DLS::File::GetFirstSample() in DLS.cpp.
CVE-2018-18193: An issue was discovered in libgig 4.1.0. There is operator new[] failure (due to a big pWavePoolTable heap request) in DLS::File::File in DLS.cpp.
CVE-2018-14449: An issue was discovered in libgig 4.1.0. There is an out of bounds read in gig::File::UpdateChunks in gig.cpp.

5 issues skipped by the security teams:

CVE-2017-12953: The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file.
CVE-2017-12952: The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
CVE-2017-12951: The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted gig file.
CVE-2017-12950: The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
CVE-2017-12954: The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file.

Please fix them.

Created: 2017-08-29 Last update: 2019-11-10 20:06

2 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 189dc39c387758b4e1106c0d74eed5405460a260
Author: Olivier Humbert <trebmuh@tuxfamily.org>
Date:   Sat Oct 26 19:55:56 2019 +0000

    Update copyright (http -> https + add myself)

commit f86c55e77e1619abd5903e149d7fd0cec0e72752
Author: Ondřej Nový <onovy@debian.org>
Date:   Fri Oct 18 16:52:29 2019 +0200

    Bump Standards-Version to 4.4.1

Created: 2019-10-18 Last update: 2019-12-14 03:25

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

libgig-doc could be marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2019-12-16 07:47

22 ignored security issues in jessie low

There are 22 open security issues in jessie.

22 issues skipped by the security teams:

CVE-2017-12953: The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file.
CVE-2017-12952: The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
CVE-2017-12951: The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted gig file.
CVE-2017-12950: The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
CVE-2017-12954: The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file.
CVE-2018-14457: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::UpdateChunks in DLS.cpp.
CVE-2018-14456: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::SaveString in DLS.cpp.
CVE-2018-14455: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store32 in helper.h.
CVE-2018-14454: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-14453: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store16 in helper.h.
CVE-2018-14452: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "always assign the sample of the first dimension region of this region" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVE-2018-14451: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-14450: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "update dimension region's chunks" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVE-2018-14459: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store16 in helper.h.
CVE-2018-14458: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store32 in helper.h.
CVE-2018-18196: An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in RIFF::List::GetListTypeString in RIFF.cpp.
CVE-2018-18197: An issue was discovered in libgig 4.1.0. There is an operator new[] failure (due to a big pSampleLoops heap request) in DLS::Sampler::Sampler in DLS.cpp.
CVE-2018-18194: An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in DLS::Region::GetSample() in DLS.cpp.
CVE-2018-18195: An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-zero error) in DLS::Sample::Sample in DLS.cpp.
CVE-2018-18192: An issue was discovered in libgig 4.1.0. There is a NULL pointer dereference in the function DLS::File::GetFirstSample() in DLS.cpp.
CVE-2018-18193: An issue was discovered in libgig 4.1.0. There is operator new[] failure (due to a big pWavePoolTable heap request) in DLS::File::File in DLS.cpp.
CVE-2018-14449: An issue was discovered in libgig 4.1.0. There is an out of bounds read in gig::File::UpdateChunks in gig.cpp.

Please fix them.

Created: 2017-08-29 Last update: 2019-11-10 20:06

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2017-10-26 Last update: 2017-10-26 07:22

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.1 instead of 4.4.0).

Created: 2019-09-29 Last update: 2019-09-29 23:39

news

[rss feed]

[2019-09-17] libgig 4.2.0~ds1-2 MIGRATED to testing (Debian testing watch)
[2019-09-11] Accepted libgig 4.2.0~ds1-2 (source) into unstable (Sebastian Ramacher)
[2019-09-11] Accepted libgig 4.2.0~ds1-1 (all amd64 source) into experimental, experimental (Sebastian Ramacher)
[2018-01-09] libgig 4.1.0~repack-2 MIGRATED to testing (Debian testing watch)
[2018-01-03] Accepted libgig 4.1.0~repack-2 (source) into unstable (Jaromír Mikeš)
[2018-01-02] Accepted libgig 4.1.0~repack-1 (source amd64 all) into experimental, experimental (Jaromír Mikeš) (signed by: James Cowgill)
[2017-10-19] libgig 4.0.0-5 MIGRATED to testing (Debian testing watch)
[2017-10-13] Accepted libgig 4.0.0-5 (source amd64 all) into unstable (Jaromír Mikeš)
[2017-09-03] libgig 4.0.0-4 MIGRATED to testing (Debian testing watch)
[2017-08-29] Accepted libgig 4.0.0-4 (source) into unstable (Paul Brossier)
[2017-07-08] libgig 4.0.0-3 MIGRATED to testing (Debian testing watch)
[2017-07-03] Accepted libgig 4.0.0-3 (source amd64 all) into unstable (Jaromír Mikeš)
[2017-06-30] libgig 4.0.0-2 MIGRATED to testing (Debian testing watch)
[2017-06-25] Accepted libgig 4.0.0-2 (source amd64 all) into unstable (Jaromír Mikeš)
[2016-12-05] Accepted libgig 4.0.0-1 (source amd64 all) into experimental, experimental (Jaromír Mikeš) (signed by: James Cowgill)
[2015-09-07] libgig 3.3.0-5 MIGRATED to testing (Britney)
[2015-08-04] Accepted libgig 3.3.0-5 (source all) into unstable (Sebastian Ramacher)
[2015-07-29] Accepted libgig 3.3.0-4 (source amd64 all) into experimental, experimental (Sebastian Ramacher)
[2014-04-10] libgig 3.3.0-3 MIGRATED to testing (Debian testing watch)
[2014-04-04] Accepted libgig 3.3.0-3 (source amd64 all) (Paul Brossier)
[2011-02-20] libgig 3.3.0-2 MIGRATED to testing (Debian testing watch)
[2011-02-09] Accepted libgig 3.3.0-2 (source all amd64) (Alessio Treglia)
[2009-12-24] libgig 3.3.0-1 MIGRATED to testing (Debian testing watch)
[2009-12-13] Accepted libgig 3.3.0-1 (source all amd64) (Alessio Treglia) (signed by: Free Ekanayaka)
[2009-02-16] libgig 3.2.1-3+cvs080916 MIGRATED to testing (Debian testing watch)
[2008-09-17] Accepted libgig 3.2.1-3+cvs080916 (source amd64) (Free Ekanayaka)
[2008-09-16] Accepted libgig 3.2.1-2+cvs080916 (source amd64) (Free Ekanayaka)
[2008-04-02] libgig 3.2.1-1.1 MIGRATED to testing (Debian testing watch)
[2008-03-22] Accepted libgig 3.2.1-1.1 (source i386) (Moritz Muehlenhoff)
[2007-12-17] libgig 3.2.1-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 2
RC: 0
I&N: 2
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 4.2.0~ds1-2