libxpm (1:3.5.12-1.1+deb12u1) bookworm-security; urgency=high * CVE-2023-43788: out of bounds read in XpmCreateXpmImageFromBuffer() * CVE-2023-43789: out of bounds read on XPM with corrupted colormap * Avoid CVE-2023-43786: stack exhaustion in XPutImage() * Avoid CVE-2023-43787 (integer overflow in XCreateImage) -- Julien Cristau <jcristau@debian.org> Tue, 03 Oct 2023 11:59:05 +0200 libxpm (1:3.5.12-1.1) unstable; urgency=medium * Non-maintainer upload. * Fix CVE-2022-46285: Infinite loop on unclosed comments * Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height * configure: add --disable-open-zfile instead of requiring -DNO_ZPIPE * Fix CVE-2022-4883: compression commands depend on $PATH * Prevent a double free in the error code path * Use gzip -d instead of gunzip * debian/rules: configure: Set explicitly runtime paths for {,un}compress and gzip. -- Salvatore Bonaccorso <carnil@debian.org> Mon, 16 Jan 2023 21:01:44 +0100 libxpm (1:3.5.12-1) unstable; urgency=medium [ Andreas Boll ] * New upstream release. * Let uscan verify tarball signatures. * Improve package description (Closes: #646992). Thanks, Justin B Rye! * Switch URLs to https. * Remove obsolete xsfbs. * Add placeholder comment into series file. * Bump debhelper compat to 10. - Drop build-deps on dh-autoreconf, automake and libtool. * Stop passing --disable-silent-rules to configure, debhelper does that for a while. * Drop no longer needed dpkg-dev versioned build-dependency. [ Emilio Pozuelo Monfort ] * Switch to -dbgsym packages. -- Emilio Pozuelo Monfort <pochu@debian.org> Thu, 22 Dec 2016 17:17:47 +0100 libxpm (1:3.5.11-1) unstable; urgency=medium * New upstream release. * Rewrite debian/rules using dh, bump compat to 9, drop xsfbs. * Remove Cyril from Uploaders. * Bump x11proto-core-dev build-dep per configure.ac. * Disable silent build rules. * Override gzip-file-is-not-multi-arch-same-safe for xpm.PS.gz. -- Julien Cristau <jcristau@debian.org> Sun, 13 Jul 2014 12:24:10 +0200 # Older entries have been removed from this changelog. # To read the complete changelog use `apt changelog libxpm4`.
Generated by dwww version 1.15 on Sun Jun 23 21:35:22 CEST 2024.