libsixel - Debian Package Tracker

general

source: libsixel (main)
version: 1.10.5-1
maintainer: NOKUBI Takatsugu (DMD)
arch: all any
std-ver: 4.1.5
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.8.2-1+deb10u1
oldstable: 1.8.6-2
stable: 1.10.3-3
testing: 1.10.5-1
unstable: 1.10.5-1

versioned links

1.8.2-1+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.8.6-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.10.3-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.10.5-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libsixel-bin
libsixel-dev (1 bugs: 0, 1, 0, 0)
libsixel-examples
libsixel1

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In debian/watch no matching files for watch line
  https://github.com/libsixel/libsixel/releases (?:.*?/)?v?(\d[\d.]*)\.tar\.gz debian uupdate

Created: 2022-09-23 Last update: 2025-04-28 18:02

5 security issues in trixie high

There are 5 open security issues in trixie.

3 important issues:

CVE-2020-36120: Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS).
CVE-2021-45340: In Libsixel prior to and including v1.10.3, a NULL pointer dereference in the stb_image.h component of libsixel allows attackers to cause a denial of service (DOS) via a crafted PICT file.
CVE-2021-46700: In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double free.

2 issues postponed or untriaged:

CVE-2022-29977: (postponed; to be fixed through a stable update) There is an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file.
CVE-2022-29978: (postponed; to be fixed through a stable update) There is a floating point exception error in sixel_encoder_do_resize, encoder.c:633 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file.

Created: 2023-06-11 Last update: 2025-04-20 10:00

5 security issues in sid high

There are 5 open security issues in sid.

5 important issues:

CVE-2020-36120: Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS).
CVE-2021-45340: In Libsixel prior to and including v1.10.3, a NULL pointer dereference in the stb_image.h component of libsixel allows attackers to cause a denial of service (DOS) via a crafted PICT file.
CVE-2021-46700: In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double free.
CVE-2022-29977: There is an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file.
CVE-2022-29978: There is a floating point exception error in sixel_encoder_do_resize, encoder.c:633 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file.

Created: 2022-07-04 Last update: 2025-04-20 10:00

lintian reports 6 warnings normal

Lintian reports 6 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-08-22 Last update: 2025-01-13 21:01

5 low-priority security issues in bookworm low

There are 5 open security issues in bookworm.

3 issues left for the package maintainer to handle:

CVE-2021-46700: (needs triaging) In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double free.
CVE-2022-29977: (postponed; to be fixed through a stable update) There is an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file.
CVE-2022-29978: (postponed; to be fixed through a stable update) There is a floating point exception error in sixel_encoder_do_resize, encoder.c:633 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file.

You can find information about how to handle these issues in the security team's documentation.

2 ignored issues:

CVE-2020-36120: Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS).
CVE-2021-45340: In Libsixel prior to and including v1.10.3, a NULL pointer dereference in the stb_image.h component of libsixel allows attackers to cause a denial of service (DOS) via a crafted PICT file.

Created: 2023-06-10 Last update: 2025-04-20 10:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.1.5).

Created: 2018-08-20 Last update: 2025-02-27 13:25

news

[rss feed]

[2025-01-15] libsixel 1.10.5-1 MIGRATED to testing (Debian testing watch)
[2025-01-13] Accepted libsixel 1.10.5-1 (source) into unstable (NOKUBI Takatsugu)
[2022-01-16] libsixel 1.10.3-3 MIGRATED to testing (Debian testing watch)
[2022-01-13] Accepted libsixel 1.10.3-3 (source) into unstable (NOKUBI Takatsugu)
[2022-01-13] Accepted libsixel 1.10.3-2 (source) into unstable (NOKUBI Takatsugu)
[2022-01-12] Accepted libsixel 1.10.3-1 (source) into unstable (NOKUBI Takatsugu)
[2020-05-09] libsixel 1.8.6-2 MIGRATED to testing (Debian testing watch)
[2020-05-07] Accepted libsixel 1.8.6-2 (source) into unstable (NOKUBI Takatsugu)
[2020-03-10] libsixel 1.8.6-1 MIGRATED to testing (Debian testing watch)
[2020-03-05] Accepted libsixel 1.8.6-1 (source) into unstable (NOKUBI Takatsugu)
[2019-12-03] Accepted libsixel 1.5.2-2+deb9u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (NOKUBI Takatsugu)
[2019-11-09] Accepted libsixel 1.8.2-1+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (NOKUBI Takatsugu)
[2019-09-23] libsixel 1.8.2-2.1 MIGRATED to testing (Debian testing watch)
[2019-09-20] Accepted libsixel 1.8.2-2.1 (source) into unstable (Boyuan Yang)
[2019-09-09] Accepted libsixel 1.8.2-2 (source amd64 all) into unstable (NOKUBI Takatsugu)
[2018-07-28] libsixel 1.8.2-1 MIGRATED to testing (Debian testing watch)
[2018-07-23] Accepted libsixel 1.8.2-1 (source amd64 all) into unstable (NOKUBI Takatsugu)
[2018-07-16] libsixel 1.8.1-1 MIGRATED to testing (Debian testing watch)
[2018-07-11] Accepted libsixel 1.8.1-1 (source amd64 all) into unstable (NOKUBI Takatsugu)
[2017-09-02] libsixel 1.7.3-1 MIGRATED to testing (Debian testing watch)
[2017-08-28] Accepted libsixel 1.7.3-1 (source amd64 all) into unstable, unstable (NOKUBI Takatsugu)
[2015-09-09] libsixel 1.5.2-2 MIGRATED to testing (Britney)
[2015-09-04] Accepted libsixel 1.5.2-2 (source i386) into unstable (NOKUBI Takatsugu)
[2015-09-01] Accepted libsixel 1.5.2-1 (source i386) into unstable (NOKUBI Takatsugu)
[2015-04-27] libsixel 1.4.2-1 MIGRATED to testing (Britney)
[2014-12-09] Accepted libsixel 1.4.2-1 (source i386) into unstable (NOKUBI Takatsugu)
[2014-12-09] Accepted libsixel 1.1.2-2 (source i386) into unstable (NOKUBI Takatsugu)
[2014-11-04] libsixel 1.1.2-1 MIGRATED to testing (Britney)
[2014-10-24] Accepted libsixel 1.1.2-1 (source i386) into unstable, unstable (NOKUBI Takatsugu)

bugs [bug history graph]

all: 9
RC: 0
I&N: 8
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian (0, 6)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.10.5-1