[ubuntu/jammy-updates] libxpm 1:3.5.12-1ubuntu0.22.04.1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Tue Jan 17 18:28:14 UTC 2023
libxpm (1:3.5.12-1ubuntu0.22.04.1) jammy-security; urgency=medium
* SECURITY UPDATE: CPU-consuming loop on width of 0
- debian/patches/CVE-2022-44617-1.patch: add extra checks to
src/data.c, src/parse.c.
- debian/patches/CVE-2022-44617-2.patch: prevent a double free in the
error code path in src/create.c.
- CVE-2022-44617
* SECURITY UPDATE: Infinite loop on unclosed comments
- debian/patches/CVE-2022-46285.patch: handle unclosed comments in
src/data.c.
- CVE-2022-46285
* SECURITY UPDATE: compression commands depend on $PATH
- debian/patches/CVE-2022-4883.patch: don't rely on $PATH to find the
commands in src/RdFToI.c, src/WrFFrI.c.
- CVE-2022-4883
Date: 2023-01-16 18:38:13.447835+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libxpm/1:3.5.12-1ubuntu0.22.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list