Package "xpmutils"
Name: |
xpmutils
|
Description: |
X11 pixmap utilities
|
Latest version: |
1:3.5.12-1ubuntu0.22.04.2 |
Release: |
jammy (22.04) |
Level: |
security |
Repository: |
universe |
Head package: |
libxpm |
Homepage: |
https://www.x.org |
Links
Download "xpmutils"
Other versions of "xpmutils" in Jammy
Changelog
libxpm (1:3.5.12-1ubuntu0.22.04.2) jammy-security; urgency=medium
* SECURITY UPDATE: stack exhaustion from infinite recursion in
PutSubImage() in libx11
- d/p/0004-test-Add-test-case-for-CVE-2023-43786-stack-exhausti.patch
- d/p/0005-Avoid-CVE-2023-43786-stack-exhaustion-in-XPutImage.patch
- CVE-2023-43786
* SECURITY UPDATE: integer overflow in XCreateImage() leading to a heap
overflow in libx11
- d/p/0006-test-Add-test-case-for-CVE-2023-43787-integer-overfl.patch
- d/p/0007-Avoid-CVE-2023-43787-integer-overflow-in-XCreateImag.patch
- CVE-2023-43787
* SECURITY UPDATE: out of bounds read in XpmCreateXpmImageFromBuffer()
- d/p/0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch
- CVE-2023-43788
* SECURITY UPDATE: out of bounds read on XPM with corrupted colormap
- d/p/0003-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch
- CVE-2023-43789
-- Marc Deslauriers <email address hidden> Mon, 02 Oct 2023 16:10:52 -0400
|
Source diff to previous version |
CVE-2023-43786 |
libX11: stack exhaustion from infinite recursion in PutSubImage() |
CVE-2023-43787 |
ibX11: integer overflow in XCreateImage() leading to a heap overflow |
CVE-2023-43788 |
libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() |
CVE-2023-43789 |
libXpm: out of bounds read on XPM with corrupted colormap |
|
libxpm (1:3.5.12-1ubuntu0.22.04.1) jammy-security; urgency=medium
* SECURITY UPDATE: CPU-consuming loop on width of 0
- debian/patches/CVE-2022-44617-1.patch: add extra checks to
src/data.c, src/parse.c.
- debian/patches/CVE-2022-44617-2.patch: prevent a double free in the
error code path in src/create.c.
- CVE-2022-44617
* SECURITY UPDATE: Infinite loop on unclosed comments
- debian/patches/CVE-2022-46285.patch: handle unclosed comments in
src/data.c.
- CVE-2022-46285
* SECURITY UPDATE: compression commands depend on $PATH
- debian/patches/CVE-2022-4883.patch: don't rely on $PATH to find the
commands in src/RdFToI.c, src/WrFFrI.c.
- CVE-2022-4883
-- Marc Deslauriers <email address hidden> Mon, 16 Jan 2023 12:38:49 -0500
|
About
-
Send Feedback to @ubuntu_updates