Change log for libxpm package in Ubuntu
1 → 40 of 40 results | First • Previous • Next • Last |
libxpm (1:3.5.17-1build2) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- Steve Langasek <email address hidden> Sun, 31 Mar 2024 08:02:41 +0000
Available diffs
- diff from 1:3.5.17-1build1 to 1:3.5.17-1build2 (281 bytes)
libxpm (1:3.5.17-1build1) noble; urgency=medium * No-change rebuild against libxt6t64 -- Steve Langasek <email address hidden> Sat, 09 Mar 2024 00:51:05 +0000
Available diffs
Deleted in noble-updates (Reason: superseded by release) |
Superseded in noble-release |
Deleted in noble-proposed (Reason: Moved to noble) |
libxpm (1:3.5.17-1) unstable; urgency=high [ Timo Aaltonen ] * New upstream release. - CVE-2023-43788: out of bounds read in XpmCreateXpmImageFromBuffer() - CVE-2023-43789: out of bounds read on XPM with corrupted colormap * control: Migrate to x11proto-dev. * Update signing-key. * patches: All patches upstream, drop them. [ Debian Janitor ] * Remove constraints unnecessary since buster: + Build-Depends: Drop versioned constraint on libx11-dev, libxext-dev, libxt-dev and xutils-dev. [ Julien Cristau ] * Update Vcs-* control fields. * Add ncompress build-dependency for the test suite. * Install man pages in libxpm-dev. -- Julien Cristau <email address hidden> Thu, 05 Oct 2023 14:24:36 +0200
Available diffs
Superseded in noble-release |
Published in mantic-release |
Deleted in mantic-proposed (Reason: Moved to mantic) |
libxpm (1:3.5.12-1.1ubuntu1) mantic; urgency=medium * SECURITY UPDATE: stack exhaustion from infinite recursion in PutSubImage() in libx11 - d/p/0004-test-Add-test-case-for-CVE-2023-43786-stack-exhausti.patch - d/p/0005-Avoid-CVE-2023-43786-stack-exhaustion-in-XPutImage.patch - CVE-2023-43786 * SECURITY UPDATE: integer overflow in XCreateImage() leading to a heap overflow in libx11 - d/p/0006-test-Add-test-case-for-CVE-2023-43787-integer-overfl.patch - d/p/0007-Avoid-CVE-2023-43787-integer-overflow-in-XCreateImag.patch - CVE-2023-43787 * SECURITY UPDATE: out of bounds read in XpmCreateXpmImageFromBuffer() - d/p/0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch - CVE-2023-43788 * SECURITY UPDATE: out of bounds read on XPM with corrupted colormap - d/p/0003-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch - CVE-2023-43789 -- Marc Deslauriers <email address hidden> Tue, 03 Oct 2023 14:30:11 -0400
Available diffs
libxpm (1:3.5.12-1ubuntu0.20.04.2) focal-security; urgency=medium * SECURITY UPDATE: stack exhaustion from infinite recursion in PutSubImage() in libx11 - d/p/0004-test-Add-test-case-for-CVE-2023-43786-stack-exhausti.patch - d/p/0005-Avoid-CVE-2023-43786-stack-exhaustion-in-XPutImage.patch - CVE-2023-43786 * SECURITY UPDATE: integer overflow in XCreateImage() leading to a heap overflow in libx11 - d/p/0006-test-Add-test-case-for-CVE-2023-43787-integer-overfl.patch - d/p/0007-Avoid-CVE-2023-43787-integer-overflow-in-XCreateImag.patch - CVE-2023-43787 * SECURITY UPDATE: out of bounds read in XpmCreateXpmImageFromBuffer() - d/p/0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch - CVE-2023-43788 * SECURITY UPDATE: out of bounds read on XPM with corrupted colormap - d/p/0003-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch - CVE-2023-43789 -- Marc Deslauriers <email address hidden> Mon, 02 Oct 2023 16:12:10 -0400
Available diffs
libxpm (1:3.5.12-1ubuntu0.22.04.2) jammy-security; urgency=medium * SECURITY UPDATE: stack exhaustion from infinite recursion in PutSubImage() in libx11 - d/p/0004-test-Add-test-case-for-CVE-2023-43786-stack-exhausti.patch - d/p/0005-Avoid-CVE-2023-43786-stack-exhaustion-in-XPutImage.patch - CVE-2023-43786 * SECURITY UPDATE: integer overflow in XCreateImage() leading to a heap overflow in libx11 - d/p/0006-test-Add-test-case-for-CVE-2023-43787-integer-overfl.patch - d/p/0007-Avoid-CVE-2023-43787-integer-overflow-in-XCreateImag.patch - CVE-2023-43787 * SECURITY UPDATE: out of bounds read in XpmCreateXpmImageFromBuffer() - d/p/0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch - CVE-2023-43788 * SECURITY UPDATE: out of bounds read on XPM with corrupted colormap - d/p/0003-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch - CVE-2023-43789 -- Marc Deslauriers <email address hidden> Mon, 02 Oct 2023 16:10:52 -0400
Available diffs
libxpm (1:3.5.12-1.1ubuntu0.1) lunar-security; urgency=medium * SECURITY UPDATE: stack exhaustion from infinite recursion in PutSubImage() in libx11 - d/p/0004-test-Add-test-case-for-CVE-2023-43786-stack-exhausti.patch - d/p/0005-Avoid-CVE-2023-43786-stack-exhaustion-in-XPutImage.patch - CVE-2023-43786 * SECURITY UPDATE: integer overflow in XCreateImage() leading to a heap overflow in libx11 - d/p/0006-test-Add-test-case-for-CVE-2023-43787-integer-overfl.patch - d/p/0007-Avoid-CVE-2023-43787-integer-overflow-in-XCreateImag.patch - CVE-2023-43787 * SECURITY UPDATE: out of bounds read in XpmCreateXpmImageFromBuffer() - d/p/0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch - CVE-2023-43788 * SECURITY UPDATE: out of bounds read on XPM with corrupted colormap - d/p/0003-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch - CVE-2023-43789 -- Marc Deslauriers <email address hidden> Mon, 02 Oct 2023 15:33:34 -0400
Available diffs
Superseded in mantic-release |
Published in lunar-release |
Deleted in lunar-proposed (Reason: Moved to lunar) |
libxpm (1:3.5.12-1.1) unstable; urgency=medium * Non-maintainer upload. * Fix CVE-2022-46285: Infinite loop on unclosed comments * Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height * configure: add --disable-open-zfile instead of requiring -DNO_ZPIPE * Fix CVE-2022-4883: compression commands depend on $PATH * Prevent a double free in the error code path * Use gzip -d instead of gunzip * debian/rules: configure: Set explicitly runtime paths for {,un}compress and gzip. -- Salvatore Bonaccorso <email address hidden> Mon, 16 Jan 2023 21:01:44 +0100
Available diffs
libxpm (1:3.5.12-1ubuntu1) lunar; urgency=medium * SECURITY UPDATE: CPU-consuming loop on width of 0 - debian/patches/CVE-2022-44617-1.patch: add extra checks to src/data.c, src/parse.c. - debian/patches/CVE-2022-44617-2.patch: prevent a double free in the error code path in src/create.c. - CVE-2022-44617 * SECURITY UPDATE: Infinite loop on unclosed comments - debian/patches/CVE-2022-46285.patch: handle unclosed comments in src/data.c. - CVE-2022-46285 * SECURITY UPDATE: compression commands depend on $PATH - debian/patches/CVE-2022-4883.patch: don't rely on $PATH to find the commands in src/RdFToI.c, src/WrFFrI.c. - CVE-2022-4883 -- Marc Deslauriers <email address hidden> Mon, 16 Jan 2023 12:38:49 -0500
Available diffs
libxpm (1:3.5.12-1ubuntu0.18.04.2) bionic-security; urgency=medium * SECURITY UPDATE: CPU-consuming loop on width of 0 - debian/patches/CVE-2022-44617-1.patch: add extra checks to src/data.c, src/parse.c. - debian/patches/CVE-2022-44617-2.patch: prevent a double free in the error code path in src/create.c. - CVE-2022-44617 * SECURITY UPDATE: Infinite loop on unclosed comments - debian/patches/CVE-2022-46285.patch: handle unclosed comments in src/data.c. - CVE-2022-46285 * SECURITY UPDATE: compression commands depend on $PATH - debian/patches/CVE-2022-4883.patch: don't rely on $PATH to find the commands in src/RdFToI.c, src/WrFFrI.c. - CVE-2022-4883 -- Marc Deslauriers <email address hidden> Mon, 16 Jan 2023 12:58:21 -0500
Available diffs
libxpm (1:3.5.12-1ubuntu0.22.10.1) kinetic-security; urgency=medium * SECURITY UPDATE: CPU-consuming loop on width of 0 - debian/patches/CVE-2022-44617-1.patch: add extra checks to src/data.c, src/parse.c. - debian/patches/CVE-2022-44617-2.patch: prevent a double free in the error code path in src/create.c. - CVE-2022-44617 * SECURITY UPDATE: Infinite loop on unclosed comments - debian/patches/CVE-2022-46285.patch: handle unclosed comments in src/data.c. - CVE-2022-46285 * SECURITY UPDATE: compression commands depend on $PATH - debian/patches/CVE-2022-4883.patch: don't rely on $PATH to find the commands in src/RdFToI.c, src/WrFFrI.c. - CVE-2022-4883 -- Marc Deslauriers <email address hidden> Mon, 16 Jan 2023 12:38:49 -0500
libxpm (1:3.5.12-1ubuntu0.20.04.1) focal-security; urgency=medium * SECURITY UPDATE: CPU-consuming loop on width of 0 - debian/patches/CVE-2022-44617-1.patch: add extra checks to src/data.c, src/parse.c. - debian/patches/CVE-2022-44617-2.patch: prevent a double free in the error code path in src/create.c. - CVE-2022-44617 * SECURITY UPDATE: Infinite loop on unclosed comments - debian/patches/CVE-2022-46285.patch: handle unclosed comments in src/data.c. - CVE-2022-46285 * SECURITY UPDATE: compression commands depend on $PATH - debian/patches/CVE-2022-4883.patch: don't rely on $PATH to find the commands in src/RdFToI.c, src/WrFFrI.c. - CVE-2022-4883 -- Marc Deslauriers <email address hidden> Mon, 16 Jan 2023 12:56:25 -0500
Available diffs
libxpm (1:3.5.12-1ubuntu0.22.04.1) jammy-security; urgency=medium * SECURITY UPDATE: CPU-consuming loop on width of 0 - debian/patches/CVE-2022-44617-1.patch: add extra checks to src/data.c, src/parse.c. - debian/patches/CVE-2022-44617-2.patch: prevent a double free in the error code path in src/create.c. - CVE-2022-44617 * SECURITY UPDATE: Infinite loop on unclosed comments - debian/patches/CVE-2022-46285.patch: handle unclosed comments in src/data.c. - CVE-2022-46285 * SECURITY UPDATE: compression commands depend on $PATH - debian/patches/CVE-2022-4883.patch: don't rely on $PATH to find the commands in src/RdFToI.c, src/WrFFrI.c. - CVE-2022-4883 -- Marc Deslauriers <email address hidden> Mon, 16 Jan 2023 12:38:49 -0500
Superseded in lunar-release |
Obsolete in kinetic-release |
Published in jammy-release |
Deleted in jammy-proposed (Reason: Moved to jammy) |
libxpm (1:3.5.12-1build2) jammy; urgency=high * No change rebuild for ppc64el baseline bump. -- Julian Andres Klode <email address hidden> Thu, 24 Mar 2022 17:22:04 +0100
Available diffs
Superseded in jammy-release |
Deleted in jammy-proposed (Reason: Moved to jammy) |
Deleted in impish-proposed (Reason: Moved ot jammy) |
libxpm (1:3.5.12-1build1) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose <email address hidden> Thu, 07 Oct 2021 12:19:51 +0200
Available diffs
libxpm (1:3.5.9-4ubuntu0.1) precise-security; urgency=medium * SECURITY UPDATE: OOB write when handling malicious XPM files - debian/patches/CVE-2016-10164.patch: add bounds checks to src/CrDatFrI.c. - CVE-2016-10164 -- Marc Deslauriers <email address hidden> Wed, 25 Jan 2017 15:38:46 -0500
Available diffs
libxpm (1:3.5.10-1ubuntu0.1) trusty-security; urgency=medium * SECURITY UPDATE: OOB write when handling malicious XPM files - debian/patches/CVE-2016-10164.patch: add bounds checks to src/CrDatFrI.c. - CVE-2016-10164 -- Marc Deslauriers <email address hidden> Wed, 25 Jan 2017 15:38:03 -0500
Available diffs
libxpm (1:3.5.11-1ubuntu0.16.04.1) xenial-security; urgency=medium * SECURITY UPDATE: OOB write when handling malicious XPM files - debian/patches/CVE-2016-10164.patch: add bounds checks to src/CrDatFrI.c. - CVE-2016-10164 -- Marc Deslauriers <email address hidden> Wed, 25 Jan 2017 15:34:55 -0500
Available diffs
libxpm (1:3.5.11-1ubuntu0.16.10.1) yakkety-security; urgency=medium * SECURITY UPDATE: OOB write when handling malicious XPM files - debian/patches/CVE-2016-10164.patch: add bounds checks to src/CrDatFrI.c. - CVE-2016-10164 -- Marc Deslauriers <email address hidden> Wed, 25 Jan 2017 15:34:55 -0500
Available diffs
Superseded in jammy-release |
Obsolete in impish-release |
Obsolete in hirsute-release |
Obsolete in groovy-release |
Published in focal-release |
Obsolete in eoan-release |
Obsolete in disco-release |
Obsolete in cosmic-release |
Published in bionic-release |
Obsolete in artful-release |
Obsolete in zesty-release |
Deleted in zesty-proposed (Reason: moved to release) |
libxpm (1:3.5.12-1) unstable; urgency=medium [ Andreas Boll ] * New upstream release. * Let uscan verify tarball signatures. * Improve package description (Closes: #646992). Thanks, Justin B Rye! * Switch URLs to https. * Remove obsolete xsfbs. * Add placeholder comment into series file. * Bump debhelper compat to 10. - Drop build-deps on dh-autoreconf, automake and libtool. * Stop passing --disable-silent-rules to configure, debhelper does that for a while. * Drop no longer needed dpkg-dev versioned build-dependency. [ Emilio Pozuelo Monfort ] * Switch to -dbgsym packages. -- Emilio Pozuelo Monfort <email address hidden> Thu, 22 Dec 2016 17:17:47 +0100
Available diffs
- diff from 1:3.5.11-1 to 1:3.5.12-1 (233.5 KiB)
Superseded in zesty-release |
Obsolete in yakkety-release |
Published in xenial-release |
Obsolete in wily-release |
Obsolete in vivid-release |
Obsolete in utopic-release |
Deleted in utopic-proposed (Reason: moved to release) |
libxpm (1:3.5.11-1) unstable; urgency=medium * New upstream release. * Rewrite debian/rules using dh, bump compat to 9, drop xsfbs. * Remove Cyril from Uploaders. * Bump x11proto-core-dev build-dep per configure.ac. * Disable silent build rules. * Override gzip-file-is-not-multi-arch-same-safe for xpm.PS.gz. -- Julien Cristau <email address hidden> Sun, 13 Jul 2014 12:24:10 +0200
Available diffs
- diff from 1:3.5.10-1 to 1:3.5.11-1 (95.8 KiB)
Superseded in utopic-release |
Published in trusty-release |
Obsolete in saucy-release |
Obsolete in raring-release |
Obsolete in quantal-release |
libxpm (1:3.5.10-1) unstable; urgency=low * Clean up libtool m4 files. * Revert to shipping the doc as PS instead of PDF, so libxpm-dev can be Multi-Arch: same. Thanks to Jakub Wilk. * New upstream release. * Bump debhelper build-dep to 8.1.3 for ${misc:Pre-Depends}. -- Julien Cristau <email address hidden> Sat, 21 Apr 2012 11:21:07 +0200
Available diffs
- diff from 1:3.5.9-4 (in Ubuntu) to 1:3.5.10-1 (179.7 KiB)
libxpm (1:3.5.9-4) unstable; urgency=low * Exclude xpmutils from the debug package so it really is multi-arch safe (closes: #646960). Thanks, Jakub Wilk! * Don't require fakeroot for debian/rules clean. * Replace the change from 1:3.5.9-3 with the equivalent fix committed upstream. -- Ubuntu Archive Auto-Sync <email address hidden> Fri, 11 Nov 2011 09:26:47 +0000
Available diffs
- diff from 1:3.5.9-3 to 1:3.5.9-4 (1.0 KiB)
libxpm (1:3.5.9-3) unstable; urgency=low * Apply patch from Ubuntu to fix build failure when using ld --no-add- needed. Closes: #604494.
Available diffs
- diff from 1:3.5.9-1ubuntu1 to 1:3.5.9-3 (2.1 KiB)
libxpm (1:3.5.9-1ubuntu1) natty; urgency=low * Fix build failure with --no-add-needed. -- Matthias Klose <email address hidden> Mon, 22 Nov 2010 15:42:10 +0100
Available diffs
- diff from 1:3.5.9-1 to 1:3.5.9-1ubuntu1 (447 bytes)
libxpm (1:3.5.9-1) unstable; urgency=low [ Julien Cristau ] * Remove myself from Uploaders. * Rename the build directory to not include DEB_BUILD_GNU_TYPE for no good reason. Thanks, Colin Watson! [ Cyril Brulebois ] * New upstrem release. * Bump xutils-dev build-dep for new macros. * Update debian/copyright from upstream COPYING. * Drop debian/libxpm-dev.docs, xpm.PS is gone. * Switch from --list-missing to --fail-missing for additional safety. * Exclude libXpm.la from dh_install accordingly. * Add myself to Uploaders. -- Ubuntu Archive Auto-Sync <email address hidden> Sat, 20 Nov 2010 11:15:46 +0000
Available diffs
- diff from 1:3.5.8-1 to 1:3.5.9-1 (538.7 KiB)
libxpm (1:3.5.8-1) unstable; urgency=low [ Timo Aaltonen ] * New upstream release. * Bump the build-dep on xutils-dev (>= 1:7.5~1). [ Julien Cristau ] * Bump Standards-Version to 3.8.3. -- Bryce Harrington <email address hidden> Thu, 03 Dec 2009 21:39:36 +0000
Available diffs
- diff from 1:3.5.7-2 to 1:3.5.8-1 (170.2 KiB)
libxpm (1:3.5.7-2) unstable; urgency=low [ Julien Cristau ] * Drop -1 debian revisions from build-deps. * Bump Standards-Version to 3.7.3. * Drop the XS- prefix from Vcs-* control fields. * libxpm4{,-dbg} don't need to depend on x11-common. * Add xpm.PS.gz to the -dev package (closes: #525551). * Don't handle nostrip in DEB_BUILD_OPTIONS explicitly, dh_strip does the right thing. * Use filter instead of findstring to parse DEB_BUILD_OPTIONS in debian/rules. * Add README.source, bump Standards-Version to 3.8.1. * Run autoreconf at build time. * Allow parallel builds. * Move -dbg package to new debug section. * Don't pass -l and -L options to dh_shlibdeps, it seems to be useless nowadays. [ Brice Goglin ] * Add a link to www.X.org and a reference to the upstream module in the long description. -- Ubuntu Archive Auto-Sync <email address hidden> Fri, 12 Jun 2009 13:18:41 +0100
Available diffs
- diff from 1:3.5.7-1build1 to 1:3.5.7-2 (182.1 KiB)
Superseded in karmic-release |
libxpm (1:3.5.7-1build1) karmic; urgency=low * No-change rebuild to gain FORTIFY defaults. -- Kees Cook <email address hidden> Mon, 11 May 2009 12:07:38 -0700
Available diffs
- diff from 1:3.5.7-1 to 1:3.5.7-1build1 (297 bytes)
Superseded in karmic-release |
Obsolete in jaunty-release |
Obsolete in intrepid-release |
Obsolete in hardy-release |
libxpm (1:3.5.7-1) unstable; urgency=low * New upstream release. * Add the upstream URL to debian/copyright. * Use binary:Version instead of the deprecated Source-Version. * Add myself to uploaders, and remove Branden with his permission. -- Ubuntu Archive Auto-Sync <email address hidden> Tue, 23 Oct 2007 17:32:27 +0100
libxpm (1:3.5.6-3) unstable; urgency=low * Put binary packages in the correct sections. * Run dh_shlibdeps with -L libxpm4 -l debian/libxpm4/usr/lib so xpmutils gets a dependency on libxpm4. Fixes bug noticed by checklib. -- Ubuntu Archive Auto-Sync <email address hidden> Tue, 22 May 2007 08:23:29 +0100
libxpm (1:3.5.6-2) unstable; urgency=low * Upload to unstable. * Add XS-Vcs-Browser. * Remove Fabio from Uploaders, with his permission. -- Ubuntu Archive Auto-Sync <email address hidden> Fri, 27 Apr 2007 00:34:02 +0100
libxpm (1:3.5.6-1) experimental; urgency=low * New upstream release. * Add XS-Vcs-Git header to debian/control. * Drop obsolete CVS information from the long descriptions. * Install the upstream changelog. -- Timo Aaltonen <email address hidden> Fri, 16 Feb 2007 16:24:26 +0000
libxpm (1:3.5.5-2) unstable; urgency=low [ Andres Salomon ] * Test for obj-$(DEB_BUILD_GNU_TYPE) before creating it during build; idempotency fix. [ Drew Parsons ] * dbg package has priority extra. -- Ubuntu Archive Auto-Sync <email address hidden> Tue, 07 Nov 2006 02:48:03 +0000
libxpm (1:3.5.5-1) experimental; urgency=low * New upstream release * Run dh_install with --list-missing * Bump debhelper compat to 5 * Remove extra x11-common dep in the -dev package * Version x11-common pre-dep in the -dev package to use 1:7.0.0 to match the rest of Debian and shut lintian up * Add the sxpm and cxpm manpages to xpm-utils -- Rodrigo Novo <email address hidden> Fri, 21 Jul 2006 14:05:53 +0100
Superseded in edgy-release |
libxpm (1:3.5.4.2-3ubuntu1) edgy; urgency=low * Manual sync from Debian (same orig.tar.gz, different md5sum) * Dropped APP_MAN_SUFFIX changes (they must be implemented correctly and directly in Debian) -- Rodrigo Parra Novo <email address hidden> Fri, 7 Jul 2006 17:17:09 -0300
libxpm (1:3.5.4.2-0ubuntu3) dapper; urgency=low * Define APP_MAN_SUFFIX=1 at configure time. * Ship missing man pages from xpmutils package. * Change the Maintainer field. -- Fabio M. Di Nitto <email address hidden> Mon, 01 May 2006 12:35:46 +0200
libxpm (1:3.5.4.2-0ubuntu2) dapper; urgency=low * Change dependency on x-common to x11-common. -- Daniel Stone <email address hidden> Thu, 19 Jan 2006 18:31:21 +1100
Superseded in dapper-release |
libxpm (1:3.5.4.2-0ubuntu1) dapper; urgency=low * New upstream release. -- Daniel Stone <email address hidden> Wed, 21 Dec 2005 13:30:35 +1100
libxpm (1:3.5.2-5) breezy; urgency=low * Add a Build-Depends on libxext-dev. For my next stunning move, I'll actually pay attention to what I'm doing. -- Daniel Stone <email address hidden> Sat, 23 Jul 2005 01:33:31 +1000
1 → 40 of 40 results | First • Previous • Next • Last |