/usr/share/doc/libxpm4/changelog.Debian.gz

dwww Home | Show directory contents | Find package
libxpm (1:3.5.12-1.1+deb12u1) bookworm-security; urgency=high

  * CVE-2023-43788: out of bounds read in XpmCreateXpmImageFromBuffer()
  * CVE-2023-43789: out of bounds read on XPM with corrupted colormap
  * Avoid CVE-2023-43786: stack exhaustion in XPutImage()
  * Avoid CVE-2023-43787 (integer overflow in XCreateImage)

 -- Julien Cristau <jcristau@debian.org>  Tue, 03 Oct 2023 11:59:05 +0200

libxpm (1:3.5.12-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix CVE-2022-46285: Infinite loop on unclosed comments
  * Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height
  * configure: add --disable-open-zfile instead of requiring -DNO_ZPIPE
  * Fix CVE-2022-4883: compression commands depend on  $PATH
  * Prevent a double free in the error code path
  * Use gzip -d instead of gunzip
  * debian/rules: configure: Set explicitly runtime paths for {,un}compress
    and gzip.

 -- Salvatore Bonaccorso <carnil@debian.org>  Mon, 16 Jan 2023 21:01:44 +0100

libxpm (1:3.5.12-1) unstable; urgency=medium

  [ Andreas Boll ]
  * New upstream release.
  * Let uscan verify tarball signatures.
  * Improve package description (Closes: #646992).  Thanks, Justin B
    Rye!
  * Switch URLs to https.
  * Remove obsolete xsfbs.
  * Add placeholder comment into series file.
  * Bump debhelper compat to 10.
    - Drop build-deps on dh-autoreconf, automake and libtool.
  * Stop passing --disable-silent-rules to configure, debhelper does
    that for a while.
  * Drop no longer needed dpkg-dev versioned build-dependency.

  [ Emilio Pozuelo Monfort ]
  * Switch to -dbgsym packages.

 -- Emilio Pozuelo Monfort <pochu@debian.org>  Thu, 22 Dec 2016 17:17:47 +0100

libxpm (1:3.5.11-1) unstable; urgency=medium

  * New upstream release.
  * Rewrite debian/rules using dh, bump compat to 9, drop xsfbs.
  * Remove Cyril from Uploaders.
  * Bump x11proto-core-dev build-dep per configure.ac.
  * Disable silent build rules.
  * Override gzip-file-is-not-multi-arch-same-safe for xpm.PS.gz.

 -- Julien Cristau <jcristau@debian.org>  Sun, 13 Jul 2014 12:24:10 +0200

# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog libxpm4`.
Generated by dwww version 1.15 on Sun Jun 23 21:35:22 CEST 2024.