lp:ubuntu/dapper-security/imlib2

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/dapper-security/imlib2

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Mature

Recent revisions

8. By Marc Deslauriers

* SECURITY UPDATE: denial of service and code execution via load function
  in the XPM loader (LP: #235915)
  - debian/patches/99_z11_SECURITY_CVE-2008-2426.patch: add checks to make sure
    we don't overflow the buffers in XPM loader. (PNG loader was already fixed
    by 99_loader_overflows.patch)
  - CVE-2008-2426

7. By Marc Deslauriers

* SECURITY UPDATE: denial of service and code execution via load function
  in the XPM loader (LP: #302825)
  - debian/patches/100_SECURITY_CVE-2008-5187.patch: do not adjust for
    DATA32 size as pointer is already DATA32*.
  - CVE-2008-5187

6. By Kees Cook

Fixed 'debian/patches/99_loader_overflows.patch' to correctly handle JPG
file loading (Closes Ubuntu #70278).

5. By Kees Cook

* SECURITY UPDATE: multiple overflows found in image loaders allowing
  for arbitrary code execution.
* Add 'debian/patches/99_loader_overflows.patch': bounds check image
  sizes in argb, jpeg, lbm, png, pnm, tga, and tiff loaders.
* References
  CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809

4. By Laurence J. Lane

src/lib/rend.c: upstream CVS patch fixes crash in digikam.
Reported by <email address hidden>. Thanks. Closes: #318013

3. By Steve Langasek

* Non-maintainer upload.
* High-urgency upload for sarge-targeted RC bugfix.
* Drop the Requires: line from imlib2.pc.in, since there's nothing in
  the current code that will populate it with a proper pkg-config
  dependency list. Closes: #286636.

2. By Joey Hess <email address hidden>

* NMU with the following changes taken from the Ubuntu patch by Martin Pitt
  Closes: #284925
* SECURITY UPDATE: fix several buffer overflows
* loaders/loader_bmp.c: check for negative image width/height
* loaders/loader_xpm.c:
  - check for negative image attributes
  - check the length of the "col" buffer to avoid overflowing it
  - patch taken from upstream CVS
* References:
  CAN-2004-1025
  CAN-2004-1026

1. By Joey Hess <email address hidden>

Import upstream version 1.1.2

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/karmic/imlib2