-
imlib2 (1.2.1-2ubuntu0.4) dapper-security; urgency=low
* SECURITY UPDATE: denial of service and code execution via load function
in the XPM loader (LP: #235915)
- debian/patches/99_z11_SECURITY_CVE-2008-2426.patch: add checks to make sure
we don't overflow the buffers in XPM loader. (PNG loader was already fixed
by 99_loader_overflows.patch)
- CVE-2008-2426
-- Marc Deslauriers <email address hidden> Thu, 18 Dec 2008 13:40:58 -0500
-
imlib2 (1.2.1-2ubuntu0.3) dapper-security; urgency=low
* SECURITY UPDATE: denial of service and code execution via load function
in the XPM loader (LP: #302825)
- debian/patches/100_SECURITY_CVE-2008-5187.patch: do not adjust for
DATA32 size as pointer is already DATA32*.
- CVE-2008-5187
-- Marc Deslauriers <email address hidden> Sat, 29 Nov 2008 10:37:31 -0500
-
imlib2 (1.2.1-2ubuntu0.2) dapper-security; urgency=low
* Fixed 'debian/patches/99_loader_overflows.patch' to correctly handle JPG
file loading (Closes Ubuntu #70278).
-- Kees Cook <email address hidden> Mon, 6 Nov 2006 07:24:01 -0800
-
imlib2 (1.2.1-2ubuntu0.1) dapper-security; urgency=low
* SECURITY UPDATE: multiple overflows found in image loaders allowing
for arbitrary code execution.
* Add 'debian/patches/99_loader_overflows.patch': bounds check image
sizes in argb, jpeg, lbm, png, pnm, tga, and tiff loaders.
* References
CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809
-- Kees Cook <email address hidden> Fri, 3 Nov 2006 12:37:22 -0800
-
imlib2 (1.2.1-2) unstable; urgency=low
* src/lib/rend.c: upstream CVS patch fixes crash in digikam.
Reported by <email address hidden>. Thanks. Closes: #318013
-- Laurence J. Lane <email address hidden> Wed, 24 Aug 2005 19:24:35 -0400
