freeimage: multiple vulnerabilities in embedded code copies
Bug #898825 reported by Cosme Domínguez
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
freeimage (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
Ubuntu ships Freeimage 3.13.1 and upstream has 3.15.1
* libtiff (from 3.9.2 to 3.9.5)
- CVE-2010-1411
- CVE-2009-2347
* libpng (from 1.2.41 to 1.5.4)
- CVE-2010-1205
- CVE-2011-2690
- CVE-2011-2691
- CVE-2011-2692
description: updated
visibility: private → public
This bug was fixed in the package freeimage - 3.15.1-1
---------------
freeimage (3.15.1-1) unstable; urgency=low
[ Evan Broder ]
* QA upload.
* New upstream release (closes: 649541, LP: #898825, #898845)
  - Refreshed patches.
    + Abuse dh-autoreconf to generate Makefile.srcs and fipMakefile.srcs
      patches at build time
  - Update debian/freeimage-get-orig-source for the new version.
  - Add new build-dep libraw-dev.
  - Update patch to disable embedded libraries to deal with API changes
    in libpng, libmng, and libraw.
  - Make sure we install symlinks for libfreeimageplus.
  - Use (upstream-supported) CFLAGS instead of COMPILERFLAGS.
* Switch to source format 3.0 (quilt)
* Switch to dh(1) and debhelper compat 8
* Add missing misc:Depends.
* Include the upstream changelog.
* Update Debian standards version (no other changes needed).
[ Stefano Rivera ]
* Dropped README.source.
* Updated freeimage (3.9.5) fixes CVE-2011-1167, CVE-2011-0192,
  CVE-2010-2595
* Override lintian's embedded-library error for libtiff. It wasn't
  extricable.
-- Evan Broder <email address hidden> Tue, 06 Dec 2011 14:31:21 +0200