Debian Package Tracker

libsixel

general
  • source: libsixel (main)
  • version: 1.10.3-3
  • maintainer: NOKUBI Takatsugu (DMD)
  • arch: all any
  • std-ver: 4.1.5
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 1.5.2-2+deb9u1
  • oldstable: 1.8.2-1+deb10u1
  • stable: 1.8.6-2
  • testing: 1.10.3-3
  • unstable: 1.10.3-3
versioned links
  • 1.5.2-2+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.8.2-1+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.8.6-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.10.3-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libsixel-bin
  • libsixel-dev (1 bugs: 0, 1, 0, 0)
  • libsixel-examples
  • libsixel1
action needed
Problems while searching for a new upstream version (high)
uscan had problems while searching for a new upstream version:
In debian/watch no matching files for watch line
  https://github.com/libsixel/libsixel/releases (?:.*?/)?v?(\d[\d.]*)\.tar\.gz debian uupdate
Created: 2022-09-23 Last update: 2023-03-23 14:32
Failed to analyze the VCS repository. Please troubleshoot and fix the issue. (high)
vcswatch reports that there is an error with this package's VCS, or the debian/changelog file inside it. Please check the error shown below and try to fix it. You might have to update the VCS URL in the debian/control file to point to the correct repository.

fatal: unable to access 'https://salsa.debian.org/debian/libsixel.git/': Failed to connect to salsa.debian.org port 443: No route to host
Created: 2021-09-03 Last update: 2023-03-17 07:06
5 security issues in sid (high)

There are 5 open security issues in sid.

5 important issues:
  • CVE-2020-36120: Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS).
  • CVE-2021-45340: In Libsixel prior to and including v1.10.3, a NULL pointer dereference in the stb_image.h component of libsixel allows attackers to cause a denial of service (DOS) via a crafted PICT file.
  • CVE-2021-46700: In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double free.
  • CVE-2022-29977: There is an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file.
  • CVE-2022-29978: There is a floating point exception error in sixel_encoder_do_resize, encoder.c:633 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file.
Created: 2022-07-04 Last update: 2023-02-21 19:38
lintian reports 2 warnings (normal)
Lintian reports 2 warnings about this package. You should make the package lintian clean by getting rid of them.
Created: 2020-08-22 Last update: 2023-02-04 14:04
Multiarch hinter reports 1 issue(s) (low)
There are issues with the multiarch metadata for this package.
  • libsixel-examples could be marked Multi-Arch: foreign
Created: 2017-08-28 Last update: 2023-03-23 16:42
11 low-priority security issues in bullseye (low)

There are 11 open security issues in bullseye.

10 issues left for the package maintainer to handle:
  • CVE-2020-11721: (needs triaging) load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitialized pointer leading to an invalid call to free, which can cause a denial of service.
  • CVE-2020-19668: (needs triaging) Unverified indexes into the array lead to out of bound access in the gif_out_code function in fromgif.c in libsixel 1.8.6.
  • CVE-2021-40656: (needs triaging) libsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/quant.c:867.
  • CVE-2021-41715: (needs triaging) libsixel 1.10.0 is vulnerable to Use after free in libsixel/src/dither.c:379.
  • CVE-2021-45340: (needs triaging) In Libsixel prior to and including v1.10.3, a NULL pointer dereference in the stb_image.h component of libsixel allows attackers to cause a denial of service (DOS) via a crafted PICT file.
  • CVE-2021-46700: (needs triaging) In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double free.
  • CVE-2022-27044: (needs triaging) libsixel 1.8.6 is affected by Buffer Overflow in libsixel/src/quant.c:876.
  • CVE-2022-27046: (needs triaging) libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in libsixel/src/dither.c:388.
  • CVE-2022-29977: (needs triaging) There is an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file.
  • CVE-2022-29978: (needs triaging) There is a floating point exception error in sixel_encoder_do_resize, encoder.c:633 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file.

You can find information about how to handle these issues in the security team's documentation.

1 ignored issue:
  • CVE-2020-36120: Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS).
Created: 2022-07-04 Last update: 2023-02-21 19:38
Standards version of the package is outdated. (wishlist)
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.2 instead of 4.1.5).
Created: 2018-08-20 Last update: 2022-12-17 19:18
news
  • [2022-01-16] libsixel 1.10.3-3 MIGRATED to testing (Debian testing watch)
  • [2022-01-13] Accepted libsixel 1.10.3-3 (source) into unstable (NOKUBI Takatsugu)
  • [2022-01-13] Accepted libsixel 1.10.3-2 (source) into unstable (NOKUBI Takatsugu)
  • [2022-01-12] Accepted libsixel 1.10.3-1 (source) into unstable (NOKUBI Takatsugu)
  • [2020-05-09] libsixel 1.8.6-2 MIGRATED to testing (Debian testing watch)
  • [2020-05-07] Accepted libsixel 1.8.6-2 (source) into unstable (NOKUBI Takatsugu)
  • [2020-03-10] libsixel 1.8.6-1 MIGRATED to testing (Debian testing watch)
  • [2020-03-05] Accepted libsixel 1.8.6-1 (source) into unstable (NOKUBI Takatsugu)
  • [2019-12-03] Accepted libsixel 1.5.2-2+deb9u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (NOKUBI Takatsugu)
  • [2019-11-09] Accepted libsixel 1.8.2-1+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (NOKUBI Takatsugu)
  • [2019-09-23] libsixel 1.8.2-2.1 MIGRATED to testing (Debian testing watch)
  • [2019-09-20] Accepted libsixel 1.8.2-2.1 (source) into unstable (Boyuan Yang)
  • [2019-09-09] Accepted libsixel 1.8.2-2 (source amd64 all) into unstable (NOKUBI Takatsugu)
  • [2018-07-28] libsixel 1.8.2-1 MIGRATED to testing (Debian testing watch)
  • [2018-07-23] Accepted libsixel 1.8.2-1 (source amd64 all) into unstable (NOKUBI Takatsugu)
  • [2018-07-16] libsixel 1.8.1-1 MIGRATED to testing (Debian testing watch)
  • [2018-07-11] Accepted libsixel 1.8.1-1 (source amd64 all) into unstable (NOKUBI Takatsugu)
  • [2017-09-02] libsixel 1.7.3-1 MIGRATED to testing (Debian testing watch)
  • [2017-08-28] Accepted libsixel 1.7.3-1 (source amd64 all) into unstable, unstable (NOKUBI Takatsugu)
  • [2015-09-09] libsixel 1.5.2-2 MIGRATED to testing (Britney)
  • [2015-09-04] Accepted libsixel 1.5.2-2 (source i386) into unstable (NOKUBI Takatsugu)
  • [2015-09-01] Accepted libsixel 1.5.2-1 (source i386) into unstable (NOKUBI Takatsugu)
  • [2015-04-27] libsixel 1.4.2-1 MIGRATED to testing (Britney)
  • [2014-12-09] Accepted libsixel 1.4.2-1 (source i386) into unstable (NOKUBI Takatsugu)
  • [2014-12-09] Accepted libsixel 1.1.2-2 (source i386) into unstable (NOKUBI Takatsugu)
  • [2014-11-04] libsixel 1.1.2-1 MIGRATED to testing (Britney)
  • [2014-10-24] Accepted libsixel 1.1.2-1 (source i386) into unstable, unstable (NOKUBI Takatsugu)
bugs [bug history graph]
  • all: 9
  • RC: 0
  • I&N: 8
  • M&W: 1
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian (0, 2)
  • buildd: logs, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • debci
ubuntu [Information about Ubuntu for Debian Developers]
  • version: 1.10.3-3

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers