Change logs for gdk-pixbuf source package in Xenial

  • gdk-pixbuf (2.32.2-1ubuntu1.6) xenial-security; urgency=medium
    
      * SECURITY UPDATE: stack corruption via crafted file folder
        - debian/patches/CVE-2017-12447-1.patch: reject bogus depth in
          gdk-pixbuf/io-bmp.c.
        - debian/patches/CVE-2017-12447-2.patch: reject impossible palette
          size in gdk-pixbuf/io-bmp.c.
        - CVE-2017-12447
    
     -- Marc Deslauriers <email address hidden>  Wed, 20 Mar 2019 11:43:33 -0400
  • gdk-pixbuf (2.32.2-1ubuntu1.5) xenial; urgency=medium
    
      * Convert triggers to noawait (LP: #1780996)
    
     -- Julian Andres Klode <email address hidden>  Tue, 10 Jul 2018 21:47:55 +0200
  • gdk-pixbuf (2.32.2-1ubuntu1.4) xenial-security; urgency=medium
    
      * SECURITY UPDATE: Integer overflow in gif_get_lzw function
        - debian/patches/CVE-2017-1000422.patch: fix in gdk-pixbuf/io-gif.c.
        - CVE-2017-1000422
      * SECURITY UPDATE: DoS and integer overflow in io-ico.c
        - debian/patches/CVE-2017-6312.patch: fix potential integer overflow
          in gdk-pixbuf/io-ico.c.
        - CVE-2017-6312
      * SECURITY UPDATE: DoS and integer underflow in load_resources function
        - debian/patches/CVE-2017-6313.patch: protect against too short
          blocklen in gdk-pixbuf/io-icns.c.
        - CVE-2017-6313
      * SECURITY UPDATE: DoS (infinite loop)
        - debian/patches/CVE-2017-6314.patch: avoid overflow buffer size
          computation in gdk-pixbuf/io-tiff.c.
        - CVE-2017-6314
    
     -- <email address hidden> (Leonidas S. Barbosa)  Thu, 11 Jan 2018 15:01:31 -0300
  • gdk-pixbuf (2.32.2-1ubuntu1.3) xenial-security; urgency=medium
    
      * SECURITY UPDATE: Integer overflow checks not enough
        - debian/patch/CVE-2017-2870.patch: checks for integer overflow
          in multiplication in gdk-pixbuf/io-tiff.c.
        - CVE-2017-2870
      * SECURITY UPDATE: exploitable heap overflow
        - debian/patches/CVE-2017-2862-part1.patch: Throw error
          when number of colour components is unsupported in
          gdk-pixbuf/io-jpeg.c.
        - debian/patches/CVE-2017-2862-part2.patch: restore grayscale
          support in gdk-pixbuf/io-jpeg.c
      * SECURITY UPDATE: context-dependent to cause DoS
        - debian/patches/CVE-2017-6311.patch: return an error when ICO
          didn't load in gdk-pixbuf/io-ico.c.
        - CVE-2017-6311
    
     -- <email address hidden> (Leonidas S. Barbosa)  Thu, 14 Sep 2017 13:38:49 -0300
  • gdk-pixbuf (2.32.2-1ubuntu1.2) xenial-security; urgency=medium
    
      * SECURITY UPDATE: Fix a write out-of-bounds error parsing a malicious ico
        - debian/patches/CVE-2016-6352.patch: Be more careful when parsing ico
          headers. Based on upstream patch.
        - Thanks to Franco Costantini for discovering this issue using QuickFuzz.
        - CVE-2016-6352
    
     -- Emily Ratliff <email address hidden>  Tue, 20 Sep 2016 11:21:58 -0500
  • gdk-pixbuf (2.32.2-1ubuntu1) xenial; urgency=medium
    
      * Unset MALLOC_PERTURB_ for the /pixbuf/cve-2015-4491/original test, as
        it fails with OOM, or gets OOM killed.
    
     -- Dimitri John Ledkov <email address hidden>  Tue, 24 Nov 2015 16:58:42 +0000
  • gdk-pixbuf (2.32.2-1) unstable; urgency=medium
    
      * New upstream release.
      * Update watch file to track stable releases only.
    
     -- Michael Biebl <email address hidden>  Wed, 11 Nov 2015 02:01:07 +0100
  • gdk-pixbuf (2.32.1-1) unstable; urgency=medium
    
      * New upstream release 2.32.1
      * Drop patch which is applied upstream
    
     -- Iain Lane <email address hidden>  Mon, 05 Oct 2015 17:51:16 +0100