[ubuntu/trusty-updates] imlib2 1.4.6-2ubuntu0.1 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Fri Sep 9 00:58:10 UTC 2016


imlib2 (1.4.6-2ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service (divide-by-zero) via drawing
    a 2x1 ellipse.
    - debian/patches/debian/patches/04_CVE-2011-5326.patch: ensure
      denominators are not zero.
    - CVE-2011-5326
  * SECURITY UPDATE: denial of service (segmentation fault) via a
    GIF image without a colormap.
    - debian/patches/debian/patches/CVE-2014-9762.patch: return error if
      no colormap.
    - CVE-2014-9762
  * SECURITY UPDATE: denial of service (divide-by-zero) handling
    PNM files.
    - debian/patches/debian/patches/CVE-2014-9763.patch: ensure
      denominators are not zero.
    - CVE-2014-9763
  * SECURITY UPDATE: denial of service (segmentation fault) handling
    certain GIF images
    - debian/patches/debian/patches/CVE-2014-9764.patch: check for NULL.
    - CVE-2014-9764
  * SECURITY UPDATE: integer overflow leading to denial of service
    - debian/patches/debian/patches/05_CVE-2014-9771.patch: reduce
      maximum allowed image dimensions.
    - CVE-2014-9771
  * SECURITY UPDATE: denial of service due to out-of-bounds read.
    - debian/patches/debian/patches/06_CVE-2016-3993.patch: check
      boundary condition before reading array element.
    - CVE-2016-3993
  * SECURITY UPDATE: out-of-bounds read handling GIFs leading to denial
    of service or information disclosure.
    - debian/patches/debian/patches/07_CVE-2016-3994.patch: ensure
      colormap limits are honored.
    - CVE-2016-3994
  * SECURITY UPDATE: different integer overflow on 32 bit arches
    leading to a denial of service
    - debian/patches/debian/patches/08_CVE-2016-4024.patch: reduce
      allowed dimensions even further.
    - CVE-2016-4024

Date: 2016-09-01 20:26:14.302980+00:00
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/imlib2/1.4.6-2ubuntu0.1