gdk-pixbuf (2.36.11-1ubuntu0.1) artful-security; urgency=medium

  * SECURITY UPDATE: DoS and integer overflow in io-ico.c
    - debian/patches/CVE-2017-6312.patch: fix potential integer overflow
      in gdk-pixbuf/io-ico.c.
    - CVE-2017-6312
  * SECURITY UPDATE: DoS and integer underflow in load_resources function
    - debian/patches/CVE-2017-6313.patch: protect against too short
      blocklen in gdk-pixbuf/io-icns.c.
    - CVE-2017-6313
  * SECURITY UPDATE: DoS (infinite loop)
    - debian/patches/CVE-2017-6314.patch: avoid overflow buffer size
      computation in gdk-pixbuf/io-tiff.c.
    - CVE-2017-6314

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 11 Jan 2018 15:05:48 -0300

gdk-pixbuf (2.36.11-1) unstable; urgency=medium

  * New upstream release
  * debian/copyright: The non-free images have been replaced
    (thanks Olly Betts!) so drop the Files-Excluded line
  * Drop git_fix-tiff-build.patch: Applied in new release

 -- Jeremy Bicha <email address hidden> Mon, 02 Oct 2017 12:36:35 -0400

gdk-pixbuf (2.36.10-2) unstable; urgency=medium

  * Add git_fix-tiff-build.patch:
    - Backport patch to fix tiff loader build (LP: #1718526)

 -- Jeremy Bicha <email address hidden> Wed, 20 Sep 2017 19:04:33 -0400

gdk-pixbuf (2.36.10-1) unstable; urgency=medium

  [ Jeremy Bicha ]
  * New upstream release 2.36.9.
  * Drop obsolete 0001-skip-perturb-for-cve-2015-4491-original-test.patch
  * debian/libgdk-pixbuf2.0-0.symbols: Add new symbol

  [ Emilio Pozuelo Monfort ]
  * New upstream release 2.36.10.
    - CVE-2017-2862: fix code execution vulnerability in jpeg loader.
      Closes: #874552.
  * Switch to copyright format 1.0.
  * copyright: exclude non-free test ref images.
  * rules: drop obsolete dh_strip --dbgsym-migration switch.
  * postinst: make loaders.cache reproducible. Thanks Chris Lamb for the
    patch. Closes: #875704.

 -- Emilio Pozuelo Monfort <email address hidden> Tue, 19 Sep 2017 23:39:30 +0200

gdk-pixbuf (2.36.5-3ubuntu1) artful; urgency=medium

  * SECURITY UPDATE: Integer overflow checks not enough
    - debian/patches/CVE-2017-2870.patch: checks for integer overflow
      in multiplication in gdk-pixbuf/io-tiff.c.
    - CVE-2017-2870
  * SECURITY UPDATE: exploitable heap overflow
    - debian/patches/CVE-2017-2862-part1.patch: Throw error
      when number of colour components is unsupported in
      gdk-pixbuf/io-jpeg.c.
    - debian/patches/CVE-2017-2862-part2.patch: restore grayscale
      support in gdk-pixbuf/io-jpeg.c
    - debian/patches/CVE-2017-2862-part3.patch: add test in
      tests/pixbuf-fail.c.
    - CVE-2017-2862
  * SECURITY UPDATE: context-dependent to cause DoS
    - debian/patches/CVE-2017-6311-part1.patch: update skeleton to fix
      a possible crash in thumbnailer/gnome-thumbnailer-skeleton.c.
    - debian/patches/CVE-2017-6311-part2.patch: return an error if the
      ICO didn't load in gdk-pixbuf/io-ico.c.
    - CVE-2017-6311

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 14 Sep 2017 18:36:00 -0300

gdk-pixbuf (2.36.5-3) experimental; urgency=medium

  [ Jeremy Bicha ]
  * Add new libgdk-pixbuf2.0-bin package to install thumbnailer
    binary and metadata needed by gnome-desktop 3.23 (LP: #1665602)
  * Have libgdk-pixbuf2.0-0 recommend libgdk-pixbuf2.0-bin
  * debian/rules: Change dh_install's --list-missing to --fail-missing to
    catch this issue sooner next time

  [ Iain Lane ]
  * debian/rules: Don't use -X.la - it's error prone as it does substring
    matching instead of globbing. Instead use `find ... -delete' to remove
    *.la files explicitly.
  * debian/control.*: Update Vcs-* for branch.

 -- Jeremy Bicha <email address hidden> Tue, 14 Mar 2017 16:05:47 +0000