[ubuntu/precise-security] imlib2 1.4.4-1ubuntu0.1 (Accepted)
Steve Beattie
sbeattie at ubuntu.com
Fri Sep 9 00:04:50 UTC 2016
imlib2 (1.4.4-1ubuntu0.1) precise-security; urgency=medium
* SECURITY UPDATE: denial of service (divide-by-zero) via drawing
a 2x1 ellipse.
- debian/patches/debian/patches/009_CVE-2011-5326.patch: ensure
denominators are not zero.
- CVE-2011-5326
* SECURITY UPDATE: denial of service (segmentation fault) via a
GIF image without a colormap.
- debian/patches/debian/patches/006_CVE-2014-9762.patch: return
error if no colormap.
- CVE-2014-9762
* SECURITY UPDATE: denial of service (divide-by-zero) handling
PNM files.
- debian/patches/debian/patches/007_CVE-2014-9763.patch: ensure
denominators are not zero.
- CVE-2014-9763
* SECURITY UPDATE: denial of service (segmentation fault) handling
certain GIF images
- debian/patches/debian/patches/008_CVE-2014-9764.patch: check
for NULL.
- CVE-2014-9764
* SECURITY UPDATE: integer overflow leading to denial of service
- debian/patches/debian/patches/010_CVE-2014-9771.patch: reduce
maximum allowed image dimensions.
- CVE-2014-9771
* SECURITY UPDATE: denial of service due to out-of-bounds read.
- debian/patches/debian/patches/011_CVE-2016-3993.patch: check
boundary condition before reading array element.
- CVE-2016-3993
* SECURITY UPDATE: out-of-bounds read handling GIFs leading to denial
of service or information disclosure.
- debian/patches/debian/patches/012_CVE-2016-3994.patch: ensure
colormap limits are honored.
- CVE-2016-3994
* SECURITY UPDATE: different integer overflow on 32 bit arches
leading to a denial of service
- debian/patches/debian/patches/013_CVE-2016-4024.patch: reduce
allowed dimensions even further.
- CVE-2016-4024
Date: 2016-09-01 20:31:14.685718+00:00
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
https://launchpad.net/ubuntu/+source/imlib2/1.4.4-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Precise-changes
mailing list