-
libxpm (1:3.5.12-1ubuntu0.22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: stack exhaustion from infinite recursion in
    PutSubImage() in libx11
    - d/p/0004-test-Add-test-case-for-CVE-2023-43786-stack-exhausti.patch
    - d/p/0005-Avoid-CVE-2023-43786-stack-exhaustion-in-XPutImage.patch
    - CVE-2023-43786
  * SECURITY UPDATE: integer overflow in XCreateImage() leading to a heap
    overflow in libx11
    - d/p/0006-test-Add-test-case-for-CVE-2023-43787-integer-overfl.patch
    - d/p/0007-Avoid-CVE-2023-43787-integer-overflow-in-XCreateImag.patch
    - CVE-2023-43787
  * SECURITY UPDATE: out of bounds read in XpmCreateXpmImageFromBuffer()
    - d/p/0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch
    - CVE-2023-43788
  * SECURITY UPDATE: out of bounds read on XPM with corrupted colormap
    - d/p/0003-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch
    - CVE-2023-43789

 -- Marc Deslauriers <email address hidden>  Mon, 02 Oct 2023 16:10:52 -0400
-
libxpm (1:3.5.12-1ubuntu0.22.04.1) jammy-security; urgency=medium

  * SECURITY UPDATE: CPU-consuming loop on width of 0
    - debian/patches/CVE-2022-44617-1.patch: add extra checks to
      src/data.c, src/parse.c.
    - debian/patches/CVE-2022-44617-2.patch: prevent a double free in the
      error code path in src/create.c.
    - CVE-2022-44617
  * SECURITY UPDATE: Infinite loop on unclosed comments
    - debian/patches/CVE-2022-46285.patch: handle unclosed comments in
      src/data.c.
    - CVE-2022-46285
  * SECURITY UPDATE: compression commands depend on $PATH
    - debian/patches/CVE-2022-4883.patch: don't rely on $PATH to find the
      commands in src/RdFToI.c, src/WrFFrI.c.
    - CVE-2022-4883

 -- Marc Deslauriers <email address hidden>  Mon, 16 Jan 2023 12:38:49 -0500
-
libxpm (1:3.5.12-1build2) jammy; urgency=high

  * No change rebuild for ppc64el baseline bump.

 -- Julian Andres Klode <email address hidden>  Thu, 24 Mar 2022 17:22:04 +0100
-
libxpm (1:3.5.12-1build1) impish; urgency=medium

  * No-change rebuild to build packages with zstd compression.

 -- Matthias Klose <email address hidden>  Thu, 07 Oct 2021 12:19:51 +0200
-
libxpm (1:3.5.12-1) unstable; urgency=medium

  [ Andreas Boll ]
  * New upstream release.
  * Let uscan verify tarball signatures.
  * Improve package description (Closes: #646992). Thanks, Justin B
    Rye!
  * Switch URLs to https.
  * Remove obsolete xsfbs.
  * Add placeholder comment into series file.
  * Bump debhelper compat to 10.
    - Drop build-deps on dh-autoreconf, automake and libtool.
  * Stop passing --disable-silent-rules to configure, debhelper does
    that for a while.
  * Drop no longer needed dpkg-dev versioned build-dependency.

  [ Emilio Pozuelo Monfort ]
  * Switch to -dbgsym packages.

 -- Emilio Pozuelo Monfort <email address hidden>  Thu, 22 Dec 2016 17:17:47 +0100