Debian Package Tracker

general

source: libsixel (main)
version: 1.8.2-2
maintainer: NOKUBI Takatsugu (DMD)
arch: all any
std-ver: 4.1.5
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.1.2-1
oldstable: 1.5.2-2
stable: 1.8.2-1
testing: 1.8.2-1
unstable: 1.8.2-2

versioned links

1.1.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.5.2-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.8.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.8.2-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libsixel-bin
libsixel-dev
libsixel-examples
libsixel1

action needed

8 security issues in bullseye high

There are 8 open security issues in bullseye.

8 important issues:

CVE-2018-19762: There is a heap-based buffer overflow at fromsixel.c (function: image_buffer_resize) in libsixel 1.8.2 that will cause a denial of service or possibly unspecified other impact.
CVE-2018-19763: There is a heap-based buffer over-read at writer.c (function: write_png_to_file) in libsixel 1.8.2 that will cause a denial of service.
CVE-2018-19761: There is an illegal address access at fromsixel.c (function: sixel_decode_raw_impl) in libsixel 1.8.2 that will cause a denial of service.
CVE-2019-3574: In libsixel v1.8.2, there is a heap-based buffer over-read in the function load_jpeg() in the file loader.c, as demonstrated by img2sixel.
CVE-2019-3573: In libsixel v1.8.2, there is an infinite loop in the function sixel_decode_raw_impl() in the file fromsixel.c, as demonstrated by sixel2png.
CVE-2018-19759: There is a heap-based buffer over-read at stb_image_write.h (function: stbi_write_png_to_mem) in libsixel 1.8.2 that will cause a denial of service.
CVE-2018-19757: There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service.
CVE-2018-19756: There is a heap-based buffer over-read at stb_image.h (function: stbi__tga_load) in libsixel 1.8.2 that will cause a denial of service.

Please fix them.

Created: 2019-07-07 Last update: 2019-09-09 12:19

10 security issues in jessie high

There are 10 open security issues in jessie.

6 important issues:

CVE-2018-19762: There is a heap-based buffer overflow at fromsixel.c (function: image_buffer_resize) in libsixel 1.8.2 that will cause a denial of service or possibly unspecified other impact.
CVE-2018-19763: There is a heap-based buffer over-read at writer.c (function: write_png_to_file) in libsixel 1.8.2 that will cause a denial of service.
CVE-2018-19761: There is an illegal address access at fromsixel.c (function: sixel_decode_raw_impl) in libsixel 1.8.2 that will cause a denial of service.
CVE-2018-19759: There is a heap-based buffer over-read at stb_image_write.h (function: stbi_write_png_to_mem) in libsixel 1.8.2 that will cause a denial of service.
CVE-2018-19757: There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service.
CVE-2018-19756: There is a heap-based buffer over-read at stb_image.h (function: stbi__tga_load) in libsixel 1.8.2 that will cause a denial of service.

4 issues skipped by the security teams:

CVE-2019-3574: In libsixel v1.8.2, there is a heap-based buffer over-read in the function load_jpeg() in the file loader.c, as demonstrated by img2sixel.
CVE-2018-14073: libsixel 1.8.1 has a memory leak in sixel_allocator_new in allocator.c.
CVE-2018-14072: libsixel 1.8.1 has a memory leak in sixel_decoder_decode in decoder.c, image_buffer_resize in fromsixel.c, and sixel_decode_raw in fromsixel.c.
CVE-2019-3573: In libsixel v1.8.2, there is an infinite loop in the function sixel_decode_raw_impl() in the file fromsixel.c, as demonstrated by sixel2png.

Please fix them.

Created: 2018-07-16 Last update: 2019-09-09 12:19

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2019-09-14 Last update: 2019-09-15 14:08

lintian reports 5 warnings normal

Lintian reports 5 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2019-08-28 Last update: 2019-09-10 02:44

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

libsixel-examples could be marked Multi-Arch: foreign

Created: 2017-08-28 Last update: 2019-09-15 12:43

8 ignored security issues in buster low

There are 8 open security issues in buster.

8 issues skipped by the security teams:

CVE-2018-19762: There is a heap-based buffer overflow at fromsixel.c (function: image_buffer_resize) in libsixel 1.8.2 that will cause a denial of service or possibly unspecified other impact.
CVE-2018-19763: There is a heap-based buffer over-read at writer.c (function: write_png_to_file) in libsixel 1.8.2 that will cause a denial of service.
CVE-2018-19761: There is an illegal address access at fromsixel.c (function: sixel_decode_raw_impl) in libsixel 1.8.2 that will cause a denial of service.
CVE-2019-3574: In libsixel v1.8.2, there is a heap-based buffer over-read in the function load_jpeg() in the file loader.c, as demonstrated by img2sixel.
CVE-2019-3573: In libsixel v1.8.2, there is an infinite loop in the function sixel_decode_raw_impl() in the file fromsixel.c, as demonstrated by sixel2png.
CVE-2018-19759: There is a heap-based buffer over-read at stb_image_write.h (function: stbi_write_png_to_mem) in libsixel 1.8.2 that will cause a denial of service.
CVE-2018-19757: There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service.
CVE-2018-19756: There is a heap-based buffer over-read at stb_image.h (function: stbi__tga_load) in libsixel 1.8.2 that will cause a denial of service.

Please fix them.

Created: 2019-01-03 Last update: 2019-09-09 12:19

10 ignored security issues in stretch low

There are 10 open security issues in stretch.

10 issues skipped by the security teams:

CVE-2018-19762: There is a heap-based buffer overflow at fromsixel.c (function: image_buffer_resize) in libsixel 1.8.2 that will cause a denial of service or possibly unspecified other impact.
CVE-2018-19763: There is a heap-based buffer over-read at writer.c (function: write_png_to_file) in libsixel 1.8.2 that will cause a denial of service.
CVE-2018-19761: There is an illegal address access at fromsixel.c (function: sixel_decode_raw_impl) in libsixel 1.8.2 that will cause a denial of service.
CVE-2019-3574: In libsixel v1.8.2, there is a heap-based buffer over-read in the function load_jpeg() in the file loader.c, as demonstrated by img2sixel.
CVE-2018-14073: libsixel 1.8.1 has a memory leak in sixel_allocator_new in allocator.c.
CVE-2018-14072: libsixel 1.8.1 has a memory leak in sixel_decoder_decode in decoder.c, image_buffer_resize in fromsixel.c, and sixel_decode_raw in fromsixel.c.
CVE-2019-3573: In libsixel v1.8.2, there is an infinite loop in the function sixel_decode_raw_impl() in the file fromsixel.c, as demonstrated by sixel2png.
CVE-2018-19759: There is a heap-based buffer over-read at stb_image_write.h (function: stbi_write_png_to_mem) in libsixel 1.8.2 that will cause a denial of service.
CVE-2018-19757: There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service.
CVE-2018-19756: There is a heap-based buffer over-read at stb_image.h (function: stbi__tga_load) in libsixel 1.8.2 that will cause a denial of service.

Please fix them.

Created: 2018-07-16 Last update: 2019-09-09 12:19

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.0 instead of 4.1.5).

Created: 2018-08-20 Last update: 2019-09-09 12:49

testing migrations

excuses:
- Migration status for libsixel (1.8.2-1 to 1.8.2-2): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- Not built on buildd: arch amd64 binaries uploaded by knok
- Not built on buildd: arch all binaries uploaded by knok, a new source-only upload is needed to allow migration
- Additional info:
- Piuparts tested OK - https://piuparts.debian.org/sid/source/libs/libsixel.html
- 6 days old (needed 5 days)
- Not considered

news

[rss feed]

[2019-09-09] Accepted libsixel 1.8.2-2 (source amd64 all) into unstable (NOKUBI Takatsugu)
[2018-07-28] libsixel 1.8.2-1 MIGRATED to testing (Debian testing watch)
[2018-07-23] Accepted libsixel 1.8.2-1 (source amd64 all) into unstable (NOKUBI Takatsugu)
[2018-07-16] libsixel 1.8.1-1 MIGRATED to testing (Debian testing watch)
[2018-07-11] Accepted libsixel 1.8.1-1 (source amd64 all) into unstable (NOKUBI Takatsugu)
[2017-09-02] libsixel 1.7.3-1 MIGRATED to testing (Debian testing watch)
[2017-08-28] Accepted libsixel 1.7.3-1 (source amd64 all) into unstable, unstable (NOKUBI Takatsugu)
[2015-09-09] libsixel 1.5.2-2 MIGRATED to testing (Britney)
[2015-09-04] Accepted libsixel 1.5.2-2 (source i386) into unstable (NOKUBI Takatsugu)
[2015-09-01] Accepted libsixel 1.5.2-1 (source i386) into unstable (NOKUBI Takatsugu)
[2015-04-27] libsixel 1.4.2-1 MIGRATED to testing (Britney)
[2014-12-09] Accepted libsixel 1.4.2-1 (source i386) into unstable (NOKUBI Takatsugu)
[2014-12-09] Accepted libsixel 1.1.2-2 (source i386) into unstable (NOKUBI Takatsugu)
[2014-11-04] libsixel 1.1.2-1 MIGRATED to testing (Britney)
[2014-10-24] Accepted libsixel 1.1.2-1 (source i386) into unstable, unstable (NOKUBI Takatsugu)

bugs [bug history graph]

all: 2
RC: 0
I&N: 2
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 5)
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.8.2-1