Debian Package Tracker

general

source: libgig (main)
version: 4.2.0~ds1-2
maintainer: Debian Multimedia Maintainers (archive) (DMD)
uploaders: Paul Brossier [DMD] – Free Ekanayaka [DMD] – Alessio Treglia [DMD] – Jaromír Mikeš [DMD] [DM]
arch: all any
std-ver: 4.4.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.3.0-3
oldstable: 3.3.0-5
stable: 4.1.0~repack-2
testing: 4.2.0~ds1-2
unstable: 4.2.0~ds1-2

versioned links

3.3.0-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.3.0-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.1.0~repack-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.2.0~ds1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gigtools
libakai0
libgig-dev
libgig-doc
libgig9

action needed

17 security issues in sid high

There are 17 open security issues in sid.

17 important issues:

CVE-2018-14449: An issue was discovered in libgig 4.1.0. There is an out of bounds read in gig::File::UpdateChunks in gig.cpp.
CVE-2018-14450: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "update dimension region's chunks" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVE-2018-14451: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-14452: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "always assign the sample of the first dimension region of this region" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVE-2018-14453: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store16 in helper.h.
CVE-2018-14454: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-14455: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store32 in helper.h.
CVE-2018-14456: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::SaveString in DLS.cpp.
CVE-2018-14457: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::UpdateChunks in DLS.cpp.
CVE-2018-14458: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store32 in helper.h.
CVE-2018-14459: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store16 in helper.h.
CVE-2018-18192: An issue was discovered in libgig 4.1.0. There is a NULL pointer dereference in the function DLS::File::GetFirstSample() in DLS.cpp.
CVE-2018-18193: An issue was discovered in libgig 4.1.0. There is operator new[] failure (due to a big pWavePoolTable heap request) in DLS::File::File in DLS.cpp.
CVE-2018-18194: An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in DLS::Region::GetSample() in DLS.cpp.
CVE-2018-18195: An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-zero error) in DLS::Sample::Sample in DLS.cpp.
CVE-2018-18196: An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in RIFF::List::GetListTypeString in RIFF.cpp.
CVE-2018-18197: An issue was discovered in libgig 4.1.0. There is an operator new[] failure (due to a big pSampleLoops heap request) in DLS::Sampler::Sampler in DLS.cpp.

Please fix them.

Created: 2018-07-21 Last update: 2020-08-07 06:08

17 security issues in bullseye high

There are 17 open security issues in bullseye.

17 important issues:

CVE-2018-14449: An issue was discovered in libgig 4.1.0. There is an out of bounds read in gig::File::UpdateChunks in gig.cpp.
CVE-2018-14450: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "update dimension region's chunks" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVE-2018-14451: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-14452: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "always assign the sample of the first dimension region of this region" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVE-2018-14453: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store16 in helper.h.
CVE-2018-14454: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-14455: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store32 in helper.h.
CVE-2018-14456: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::SaveString in DLS.cpp.
CVE-2018-14457: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::UpdateChunks in DLS.cpp.
CVE-2018-14458: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store32 in helper.h.
CVE-2018-14459: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store16 in helper.h.
CVE-2018-18192: An issue was discovered in libgig 4.1.0. There is a NULL pointer dereference in the function DLS::File::GetFirstSample() in DLS.cpp.
CVE-2018-18193: An issue was discovered in libgig 4.1.0. There is operator new[] failure (due to a big pWavePoolTable heap request) in DLS::File::File in DLS.cpp.
CVE-2018-18194: An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in DLS::Region::GetSample() in DLS.cpp.
CVE-2018-18195: An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-zero error) in DLS::Sample::Sample in DLS.cpp.
CVE-2018-18196: An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in RIFF::List::GetListTypeString in RIFF.cpp.
CVE-2018-18197: An issue was discovered in libgig 4.1.0. There is an operator new[] failure (due to a big pSampleLoops heap request) in DLS::Sampler::Sampler in DLS.cpp.

Please fix them.

Created: 2019-07-07 Last update: 2020-08-07 06:08

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2020-07-27 Last update: 2020-08-09 04:42

2 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 189dc39c387758b4e1106c0d74eed5405460a260
Author: Olivier Humbert <trebmuh@tuxfamily.org>
Date:   Sat Oct 26 19:55:56 2019 +0000

    Update copyright (http -> https + add myself)

commit f86c55e77e1619abd5903e149d7fd0cec0e72752
Author: Ondřej Nový <onovy@debian.org>
Date:   Fri Oct 18 16:52:29 2019 +0200

    Bump Standards-Version to 4.4.1

Created: 2019-10-18 Last update: 2020-08-08 12:01

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2020-07-29 Last update: 2020-07-29 12:32

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

libgig-doc could be marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2020-08-09 04:43

22 ignored security issues in stretch low

There are 22 open security issues in stretch.

22 issues skipped by the security teams:

CVE-2017-12950: The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
CVE-2017-12951: The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted gig file.
CVE-2017-12952: The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
CVE-2017-12953: The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file.
CVE-2017-12954: The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file.
CVE-2018-14449: An issue was discovered in libgig 4.1.0. There is an out of bounds read in gig::File::UpdateChunks in gig.cpp.
CVE-2018-14450: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "update dimension region's chunks" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVE-2018-14451: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-14452: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "always assign the sample of the first dimension region of this region" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVE-2018-14453: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store16 in helper.h.
CVE-2018-14454: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-14455: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store32 in helper.h.
CVE-2018-14456: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::SaveString in DLS.cpp.
CVE-2018-14457: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::UpdateChunks in DLS.cpp.
CVE-2018-14458: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store32 in helper.h.
CVE-2018-14459: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store16 in helper.h.
CVE-2018-18192: An issue was discovered in libgig 4.1.0. There is a NULL pointer dereference in the function DLS::File::GetFirstSample() in DLS.cpp.
CVE-2018-18193: An issue was discovered in libgig 4.1.0. There is operator new[] failure (due to a big pWavePoolTable heap request) in DLS::File::File in DLS.cpp.
CVE-2018-18194: An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in DLS::Region::GetSample() in DLS.cpp.
CVE-2018-18195: An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-zero error) in DLS::Sample::Sample in DLS.cpp.
CVE-2018-18196: An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in RIFF::List::GetListTypeString in RIFF.cpp.
CVE-2018-18197: An issue was discovered in libgig 4.1.0. There is an operator new[] failure (due to a big pSampleLoops heap request) in DLS::Sampler::Sampler in DLS.cpp.

Please fix them.

Created: 2017-08-29 Last update: 2020-08-07 06:08

17 ignored security issues in buster low

There are 17 open security issues in buster.

17 issues skipped by the security teams:

CVE-2018-14449: An issue was discovered in libgig 4.1.0. There is an out of bounds read in gig::File::UpdateChunks in gig.cpp.
CVE-2018-14450: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "update dimension region's chunks" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVE-2018-14451: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-14452: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "always assign the sample of the first dimension region of this region" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVE-2018-14453: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store16 in helper.h.
CVE-2018-14454: An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the function RIFF::Chunk::Read in RIFF.cpp.
CVE-2018-14455: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store32 in helper.h.
CVE-2018-14456: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::SaveString in DLS.cpp.
CVE-2018-14457: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::UpdateChunks in DLS.cpp.
CVE-2018-14458: An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store32 in helper.h.
CVE-2018-14459: An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store16 in helper.h.
CVE-2018-18192: An issue was discovered in libgig 4.1.0. There is a NULL pointer dereference in the function DLS::File::GetFirstSample() in DLS.cpp.
CVE-2018-18193: An issue was discovered in libgig 4.1.0. There is operator new[] failure (due to a big pWavePoolTable heap request) in DLS::File::File in DLS.cpp.
CVE-2018-18194: An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in DLS::Region::GetSample() in DLS.cpp.
CVE-2018-18195: An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-zero error) in DLS::Sample::Sample in DLS.cpp.
CVE-2018-18196: An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in RIFF::List::GetListTypeString in RIFF.cpp.
CVE-2018-18197: An issue was discovered in libgig 4.1.0. There is an operator new[] failure (due to a big pSampleLoops heap request) in DLS::Sampler::Sampler in DLS.cpp.

Please fix them.

Created: 2018-07-21 Last update: 2020-08-07 06:08

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2017-10-26 Last update: 2017-10-26 07:22

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.0 instead of 4.4.0).

Created: 2019-09-29 Last update: 2020-01-21 05:05

news

[rss feed]

[2019-09-17] libgig 4.2.0~ds1-2 MIGRATED to testing (Debian testing watch)
[2019-09-11] Accepted libgig 4.2.0~ds1-2 (source) into unstable (Sebastian Ramacher)
[2019-09-11] Accepted libgig 4.2.0~ds1-1 (all amd64 source) into experimental, experimental (Sebastian Ramacher)
[2018-01-09] libgig 4.1.0~repack-2 MIGRATED to testing (Debian testing watch)
[2018-01-03] Accepted libgig 4.1.0~repack-2 (source) into unstable (Jaromír Mikeš)
[2018-01-02] Accepted libgig 4.1.0~repack-1 (source amd64 all) into experimental, experimental (Jaromír Mikeš) (signed by: James Cowgill)
[2017-10-19] libgig 4.0.0-5 MIGRATED to testing (Debian testing watch)
[2017-10-13] Accepted libgig 4.0.0-5 (source amd64 all) into unstable (Jaromír Mikeš)
[2017-09-03] libgig 4.0.0-4 MIGRATED to testing (Debian testing watch)
[2017-08-29] Accepted libgig 4.0.0-4 (source) into unstable (Paul Brossier)
[2017-07-08] libgig 4.0.0-3 MIGRATED to testing (Debian testing watch)
[2017-07-03] Accepted libgig 4.0.0-3 (source amd64 all) into unstable (Jaromír Mikeš)
[2017-06-30] libgig 4.0.0-2 MIGRATED to testing (Debian testing watch)
[2017-06-25] Accepted libgig 4.0.0-2 (source amd64 all) into unstable (Jaromír Mikeš)
[2016-12-05] Accepted libgig 4.0.0-1 (source amd64 all) into experimental, experimental (Jaromír Mikeš) (signed by: James Cowgill)
[2015-09-07] libgig 3.3.0-5 MIGRATED to testing (Britney)
[2015-08-04] Accepted libgig 3.3.0-5 (source all) into unstable (Sebastian Ramacher)
[2015-07-29] Accepted libgig 3.3.0-4 (source amd64 all) into experimental, experimental (Sebastian Ramacher)
[2014-04-10] libgig 3.3.0-3 MIGRATED to testing (Debian testing watch)
[2014-04-04] Accepted libgig 3.3.0-3 (source amd64 all) (Paul Brossier)
[2011-02-20] libgig 3.3.0-2 MIGRATED to testing (Debian testing watch)
[2011-02-09] Accepted libgig 3.3.0-2 (source all amd64) (Alessio Treglia)
[2009-12-24] libgig 3.3.0-1 MIGRATED to testing (Debian testing watch)
[2009-12-13] Accepted libgig 3.3.0-1 (source all amd64) (Alessio Treglia) (signed by: Free Ekanayaka)
[2009-02-16] libgig 3.2.1-3+cvs080916 MIGRATED to testing (Debian testing watch)
[2008-09-17] Accepted libgig 3.2.1-3+cvs080916 (source amd64) (Free Ekanayaka)
[2008-09-16] Accepted libgig 3.2.1-2+cvs080916 (source amd64) (Free Ekanayaka)
[2008-04-02] libgig 3.2.1-1.1 MIGRATED to testing (Debian testing watch)
[2008-03-22] Accepted libgig 3.2.1-1.1 (source i386) (Moritz Muehlenhoff)
[2007-12-17] libgig 3.2.1-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 2
RC: 0
I&N: 2
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 1)
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 4.2.0~ds1-2build1