Debian Package Tracker

general

source: libsixel (main)
version: 1.8.6-2
maintainer: NOKUBI Takatsugu (DMD)
arch: all any
std-ver: 4.1.5
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.1.2-1
oldstable: 1.5.2-2+deb9u1
stable: 1.8.2-1+deb10u1
testing: 1.8.6-2
unstable: 1.8.6-2

versioned links

1.1.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.5.2-2+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.8.2-1+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.8.6-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libsixel-bin
libsixel-dev
libsixel-examples
libsixel1

action needed

The VCS repository is not up to date, push the missing commits. high

vcswatch reports that the current version of the package is not in its VCS.
Either you need to push your commits and/or your tags, or the information about the package's VCS are out of date. A common cause of the latter issue when using the Git VCS is not specifying the correct branch when the packaging is not in the default one (remote HEAD branch), which is usually "master" but can be modified in salsa.debian.org in the project's general settings with the "Default Branch" field). Alternatively the Vcs-Git field in debian/control can contain a "-b <branch-name>" suffix to indicate what branch is used for the Debian packaging.

Created: 2020-05-07 Last update: 2020-10-26 14:34

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2020-11721: load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitialized pointer leading to an invalid call to free, which can cause a denial of service.

Please fix it.

Created: 2020-04-13 Last update: 2020-10-21 19:04

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2020-11721: load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitialized pointer leading to an invalid call to free, which can cause a denial of service.

Please fix it.

Created: 2020-04-13 Last update: 2020-10-21 19:04

lintian reports 2 warnings normal

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-08-22 Last update: 2020-08-22 06:04

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

libsixel-examples could be marked Multi-Arch: foreign

Created: 2017-08-28 Last update: 2020-10-29 14:35

14 ignored security issues in stretch low

There are 14 open security issues in stretch.

14 issues skipped by the security teams:

CVE-2019-19635: An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function sixel_decode_raw_impl at fromsixel.c.
CVE-2019-19636: An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_encode_body at tosixel.c.
CVE-2019-19637: An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c.
CVE-2019-19638: An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow.
CVE-2019-19777: stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main.
CVE-2019-19778: An issue was discovered in libsixel 1.8.2. There is a heap-based buffer over-read in the function load_sixel at loader.c.
CVE-2019-20022: An invalid memory address dereference was discovered in load_pnm in frompnm.c in libsixel before 1.8.3.
CVE-2019-20023: A memory leak was discovered in image_buffer_resize in fromsixel.c in libsixel 1.8.4.
CVE-2019-20024: A heap-based buffer overflow was discovered in image_buffer_resize in fromsixel.c in libsixel before 1.8.4.
CVE-2019-20056: stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__shiftsigned.
CVE-2019-20094: An issue was discovered in libsixel 1.8.4. There is a heap-based buffer overflow in the function gif_init_frame at fromgif.c.
CVE-2019-20140: An issue was discovered in libsixel 1.8.4. There is a heap-based buffer overflow in the function gif_out_code at fromgif.c.
CVE-2019-20205: libsixel 1.8.4 has an integer overflow in sixel_frame_resize in frame.c.
CVE-2020-11721: load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitialized pointer leading to an invalid call to free, which can cause a denial of service.

Please fix them.

Created: 2018-07-16 Last update: 2020-10-21 19:04

14 ignored security issues in buster low

There are 14 open security issues in buster.

14 issues skipped by the security teams:

CVE-2019-19635: An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function sixel_decode_raw_impl at fromsixel.c.
CVE-2019-19636: An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_encode_body at tosixel.c.
CVE-2019-19637: An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c.
CVE-2019-19638: An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow.
CVE-2019-19777: stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main.
CVE-2019-19778: An issue was discovered in libsixel 1.8.2. There is a heap-based buffer over-read in the function load_sixel at loader.c.
CVE-2019-20022: An invalid memory address dereference was discovered in load_pnm in frompnm.c in libsixel before 1.8.3.
CVE-2019-20023: A memory leak was discovered in image_buffer_resize in fromsixel.c in libsixel 1.8.4.
CVE-2019-20024: A heap-based buffer overflow was discovered in image_buffer_resize in fromsixel.c in libsixel before 1.8.4.
CVE-2019-20056: stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__shiftsigned.
CVE-2019-20094: An issue was discovered in libsixel 1.8.4. There is a heap-based buffer overflow in the function gif_init_frame at fromgif.c.
CVE-2019-20140: An issue was discovered in libsixel 1.8.4. There is a heap-based buffer overflow in the function gif_out_code at fromgif.c.
CVE-2019-20205: libsixel 1.8.4 has an integer overflow in sixel_frame_resize in frame.c.
CVE-2020-11721: load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitialized pointer leading to an invalid call to free, which can cause a denial of service.

Please fix them.

Created: 2019-12-08 Last update: 2020-10-21 19:04

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.0 instead of 4.1.5).

Created: 2018-08-20 Last update: 2020-05-07 10:05

news

[rss feed]

[2020-05-09] libsixel 1.8.6-2 MIGRATED to testing (Debian testing watch)
[2020-05-07] Accepted libsixel 1.8.6-2 (source) into unstable (NOKUBI Takatsugu)
[2020-03-10] libsixel 1.8.6-1 MIGRATED to testing (Debian testing watch)
[2020-03-05] Accepted libsixel 1.8.6-1 (source) into unstable (NOKUBI Takatsugu)
[2019-12-03] Accepted libsixel 1.5.2-2+deb9u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (NOKUBI Takatsugu)
[2019-11-09] Accepted libsixel 1.8.2-1+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (NOKUBI Takatsugu)
[2019-09-23] libsixel 1.8.2-2.1 MIGRATED to testing (Debian testing watch)
[2019-09-20] Accepted libsixel 1.8.2-2.1 (source) into unstable (Boyuan Yang)
[2019-09-09] Accepted libsixel 1.8.2-2 (source amd64 all) into unstable (NOKUBI Takatsugu)
[2018-07-28] libsixel 1.8.2-1 MIGRATED to testing (Debian testing watch)
[2018-07-23] Accepted libsixel 1.8.2-1 (source amd64 all) into unstable (NOKUBI Takatsugu)
[2018-07-16] libsixel 1.8.1-1 MIGRATED to testing (Debian testing watch)
[2018-07-11] Accepted libsixel 1.8.1-1 (source amd64 all) into unstable (NOKUBI Takatsugu)
[2017-09-02] libsixel 1.7.3-1 MIGRATED to testing (Debian testing watch)
[2017-08-28] Accepted libsixel 1.7.3-1 (source amd64 all) into unstable, unstable (NOKUBI Takatsugu)
[2015-09-09] libsixel 1.5.2-2 MIGRATED to testing (Britney)
[2015-09-04] Accepted libsixel 1.5.2-2 (source i386) into unstable (NOKUBI Takatsugu)
[2015-09-01] Accepted libsixel 1.5.2-1 (source i386) into unstable (NOKUBI Takatsugu)
[2015-04-27] libsixel 1.4.2-1 MIGRATED to testing (Britney)
[2014-12-09] Accepted libsixel 1.4.2-1 (source i386) into unstable (NOKUBI Takatsugu)
[2014-12-09] Accepted libsixel 1.1.2-2 (source i386) into unstable (NOKUBI Takatsugu)
[2014-11-04] libsixel 1.1.2-1 MIGRATED to testing (Britney)
[2014-10-24] Accepted libsixel 1.1.2-1 (source i386) into unstable, unstable (NOKUBI Takatsugu)

bugs [bug history graph]

all: 3
RC: 0
I&N: 3
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 2)
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.8.6-2