libstb - Debian Package Tracker

general

source: libstb (main)
version: 0.0~git20230129.5736b15+ds-1
maintainer: Yangfl (DMD)
arch: any
std-ver: 4.6.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.0~git20180212.15.e6afb9c-1
o-o-sec: 0.0~git20180212.15.e6afb9c-1+deb10u1
oldstable: 0.0~git20200713.b42009b+ds-1
old-bpo: 0.0~git20220908.8b5f1f3+ds-1~bpo11+1
stable: 0.0~git20220908.8b5f1f3+ds-1
testing: 0.0~git20230129.5736b15+ds-1
unstable: 0.0~git20230129.5736b15+ds-1

versioned links

0.0~git20180212.15.e6afb9c-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.0~git20180212.15.e6afb9c-1+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.0~git20200713.b42009b+ds-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.0~git20220908.8b5f1f3+ds-1~bpo11+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.0~git20220908.8b5f1f3+ds-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.0~git20230129.5736b15+ds-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libstb-dev
libstb0

action needed

19 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 90286151db35187e1efcd30aea823119cb39873a
Author: yangfl <yangfl@users.noreply.github.com>
Date:   Thu Mar 16 05:43:31 2023 +0800

    debian: update to 0.0~git20230129.5736b15+ds

commit bf9ad6041218ea65c7228214d1077ad8b07502ab
Merge: 63aaadc abab6b2
Author: yangfl <yangfl@users.noreply.github.com>
Date:   Thu Mar 16 05:42:32 2023 +0800

    Merge tag 'upstream/0.0_git20230129.5736b15+ds'

commit 63aaadc0dfef7887c27850c5b38e3f3b960c393a
Author: yangfl <yangfl@users.noreply.github.com>
Date:   Tue Sep 27 19:14:31 2022 +0800

    debian: update to 0.0~git20220908.8b5f1f3+ds

commit e33ba30850fd960610ed3323d0485f339c3cb7ad
Merge: d65b382 1678823
Author: yangfl <yangfl@users.noreply.github.com>
Date:   Tue Sep 27 19:12:35 2022 +0800

    Merge tag 'upstream/0.0_git20220908.8b5f1f3+ds'

commit 1678823bc819a0ff9b1b61c3496a5549bc5b6ed6
Author: yangfl <yangfl@users.noreply.github.com>
Date:   Tue Sep 27 19:11:51 2022 +0800

    Import Upstream version 0.0~git20220908.8b5f1f3+ds

commit d65b38211e8932ff47d21bd5381cbe9b3cabe881
Author: yangfl <yangfl@users.noreply.github.com>
Date:   Sun Jan 23 16:48:59 2022 +0800

    debian: update to 0.0~git20210910.af1a5bc+ds

commit e56706da14dd636d5f9f5d0e9ebb828768d9df38
Merge: b5ba864 c570e75
Author: yangfl <yangfl@users.noreply.github.com>
Date:   Sun Jan 23 16:56:40 2022 +0800

    Merge tag 'upstream/0.0_git20210910.af1a5bc+ds'

commit c570e75cb4ed8b9fd357ae6bc4dcf840339fbcab
Author: yangfl <yangfl@users.noreply.github.com>
Date:   Sun Jan 23 16:55:45 2022 +0800

    Import Upstream version 0.0~git20210910.af1a5bc+ds

commit b5ba864fbaa59972f232353dffd43472c0a26845
Author: yangfl <yangfl@users.noreply.github.com>
Date:   Fri Feb 12 17:00:58 2021 +0800

    debian: update to 0.0~0.0~git20200713.b42009b+ds

commit f414b1bb497e358da8c4fc3a66300c9b439d85fd
Merge: 88d9bff 8c2a7bc
Author: yangfl <yangfl@users.noreply.github.com>
Date:   Tue Feb 16 13:47:00 2021 +0800

    Merge tag 'upstream/0.0_git20200713.b42009b+ds'

commit 8c2a7bcfa47dc2daf1cd7d6f7647fc215f5aa95a
Author: yangfl <yangfl@users.noreply.github.com>
Date:   Tue Feb 16 13:45:16 2021 +0800

    Import Upstream version 0.0~git20200713.b42009b+ds

commit 88d9bff0f9f4f5c12321670466136a2bef66ac87
Author: yangfl <yangfl@users.noreply.github.com>
Date:   Tue Dec 8 15:08:47 2020 +0800

    debian: update to 0.0~0.0~git20200713.b42009b

commit 50266f772ce995c50842babba11c33e77af3e515
Merge: 6a4e920 b42009b
Author: yangfl <yangfl@users.noreply.github.com>
Date:   Tue Dec 8 15:06:34 2020 +0800

    Merge tag 'upstream/0.0_git20200713.b42009b'

commit 6a4e9205061d5dcdbaa7b42cb22b1e3e27b0ab4d
Author: yangfl <yangfl@users.noreply.github.com>
Date:   Fri Sep 20 00:23:39 2019 +0800

    debian: update to 0.0~git20190817.1.052dce1

commit cd40cdcec31351be8ecb2a4ee20ab3f316d069f5
Merge: 7e27ff1 052dce1
Author: yangfl <yangfl@users.noreply.github.com>
Date:   Fri Sep 20 08:46:47 2019 +0800

    Merge branch 'upstream'

commit 7e27ff11f419bdbcfa758e81cab431c9964affcd
Author: yangfl <yangfl@users.noreply.github.com>
Date:   Wed Jul 10 20:13:03 2019 +0800

    debian: update patches

commit c53fb6f35a67afcc69825c73b308f5fd1264f1e5
Author: yangfl <yangfl@users.noreply.github.com>
Date:   Wed Mar 27 00:22:33 2019 +0800

    debian: update to 0.0~git20190617.5.c72a95d

commit 9b2b35011ccb6d30ade729516c9cbbebff99b30d
Merge: 6b65762 c72a95d
Author: yangfl <yangfl@users.noreply.github.com>
Date:   Thu Jul 4 19:14:01 2019 +0800

    Merge branch 'upstream'

commit 6b65762b00393bc1c9d65b92848c0b31614d0e2d
Author: yangfl <yangfl@users.noreply.github.com>
Date:   Fri Nov 30 23:04:40 2018 +0800

    debian: init

Created: 2021-02-12 Last update: 2023-09-30 16:15

debian/patches: 8 patches to forward upstream low

Among the 8 debian patches available in version 0.0~git20230129.5736b15+ds-1 of the package, we noticed the following issues:

8 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2023-08-17 09:41

7 low-priority security issues in bullseye low

There are 7 open security issues in bullseye.

7 issues left for the package maintainer to handle:

CVE-2019-15058: (needs triaging) stb_image.h (aka the stb image loader) 2.23 has a heap-based buffer over-read in stbi__tga_load, leading to Information Disclosure or Denial of Service.
CVE-2019-20056: (needs triaging) stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__shiftsigned.
CVE-2021-28021: (needs triaging) Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file.
CVE-2021-37789: (needs triaging) stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, leading to Information Disclosure or Denial of Service.
CVE-2021-42715: (needs triaging) An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files.
CVE-2022-28041: (needs triaging) stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
CVE-2022-28042: (needs triaging) stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode.

You can find information about how to handle these issues in the security team's documentation.

Created: 2022-07-04 Last update: 2023-08-17 09:26

4 low-priority security issues in bookworm low

There are 4 open security issues in bookworm.

4 issues left for the package maintainer to handle:

CVE-2021-42715: (needs triaging) An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files.
CVE-2021-42716: (needs triaging) An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over the read location.
CVE-2022-28041: (needs triaging) stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
CVE-2022-28042: (needs triaging) stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-06-10 Last update: 2023-08-17 09:26

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2018-11-22 Last update: 2020-12-09 01:05

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.2 instead of 4.6.1).

Created: 2022-12-17 Last update: 2023-08-17 09:43

news

[rss feed]

[2023-08-17] libstb 0.0~git20230129.5736b15+ds-1 MIGRATED to testing (Debian testing watch)
[2023-08-15] Accepted libstb 0.0~git20230129.5736b15+ds-1 (source) into unstable (Yangfl) (signed by: Boyuan Yang)
[2023-02-09] Accepted libstb 0.0~git20220908.8b5f1f3+ds-1~bpo11+1 (source amd64) into bullseye-backports (Debian FTP Masters) (signed by: Boyuan Yang)
[2023-01-31] Accepted libstb 0.0~git20180212.15.e6afb9c-1+deb10u1 (source) into oldstable (Adrian Bunk)
[2022-09-30] libstb 0.0~git20220908.8b5f1f3+ds-1 MIGRATED to testing (Debian testing watch)
[2022-09-27] Accepted libstb 0.0~git20220908.8b5f1f3+ds-1 (source) into unstable (Yangfl) (signed by: Boyuan Yang)
[2022-01-29] libstb 0.0~git20210910.af1a5bc+ds-1 MIGRATED to testing (Debian testing watch)
[2022-01-23] Accepted libstb 0.0~git20210910.af1a5bc+ds-1 (source) into unstable (Yangfl) (signed by: Boyuan Yang)
[2021-03-10] libstb 0.0~git20200713.b42009b+ds-1 MIGRATED to testing (Debian testing watch)
[2021-02-27] Accepted libstb 0.0~git20200713.b42009b+ds-1 (source) into unstable (Yangfl) (signed by: Boyuan Yang)
[2020-12-11] libstb 0.0~git20200713.b42009b-1 MIGRATED to testing (Debian testing watch)
[2020-12-08] Accepted libstb 0.0~git20200713.b42009b-1 (source) into unstable (Yangfl) (signed by: Boyuan Yang)
[2019-09-22] libstb 0.0~git20190817.1.052dce1-1 MIGRATED to testing (Debian testing watch)
[2019-09-20] Accepted libstb 0.0~git20190817.1.052dce1-1 (source) into unstable (Yangfl) (signed by: Boyuan Yang)
[2019-07-14] libstb 0.0~git20190617.5.c72a95d-2 MIGRATED to testing (Debian testing watch)
[2019-07-11] Accepted libstb 0.0~git20190617.5.c72a95d-2 (source) into unstable (Yangfl) (signed by: Boyuan Yang)
[2019-07-08] Accepted libstb 0.0~git20190617.5.c72a95d-1 (source) into unstable (Yangfl) (signed by: Boyuan Yang)
[2018-11-27] libstb 0.0~git20180212.15.e6afb9c-1 MIGRATED to testing (Debian testing watch)
[2018-11-22] Accepted libstb 0.0~git20180212.15.e6afb9c-1 (source amd64) into unstable, unstable (Yangfl) (signed by: Boyuan Yang)

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, checks, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.0~git20230129.5736b15+ds-1