[ubuntu/focal-security] libxpm 1:3.5.12-1ubuntu0.20.04.1 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Tue Jan 17 17:14:14 UTC 2023


libxpm (1:3.5.12-1ubuntu0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: CPU-consuming loop on width of 0
    - debian/patches/CVE-2022-44617-1.patch: add extra checks to
      src/data.c, src/parse.c.
    - debian/patches/CVE-2022-44617-2.patch: prevent a double free in the
      error code path in src/create.c.
    - CVE-2022-44617
  * SECURITY UPDATE: Infinite loop on unclosed comments
    - debian/patches/CVE-2022-46285.patch: handle unclosed comments in
      src/data.c.
    - CVE-2022-46285
  * SECURITY UPDATE: compression commands depend on $PATH
    - debian/patches/CVE-2022-4883.patch: don't rely on $PATH to find the
      commands in src/RdFToI.c, src/WrFFrI.c.
    - CVE-2022-4883

Date: 2023-01-16 18:38:15.979225+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/libxpm/1:3.5.12-1ubuntu0.20.04.1