[ubuntu/trusty-security] gdk-pixbuf 2.30.7-0ubuntu1.6 (Accepted)

Emily Ratliff emily.ratliff at canonical.com
Wed Sep 21 18:13:29 UTC 2016

gdk-pixbuf (2.30.7-0ubuntu1.6) trusty-security; urgency=medium

  * SECURITY UPDATE: Fix a write out-of-bounds error parsing a malicious ico
    - debian/patches/CVE-2016-6352.patch: Be more careful when parsing ico
      headers. Based on upstream patch.
    - Thanks to Franco Costantini for discovering this issue using QuickFuzz.
    - CVE-2016-6352
  * SECURITY UPDATE: Fix a heap-based buffer overflow
    - debian/patches/CVE-2015-7552.patch: Protect against overflow. Based on
      upstream patches.
    - CVE-2015-7552
  * SECURITY UPDATE: Fix multiple integer overflows
    - debian/patches/CVE-2015-8875.patch: use gint64 in more places to avoid
      overflow when shifting
    - CVE-2015-8875

Date: 2016-09-21 15:10:13.071365+00:00
Changed-By: Emily Ratliff <emily.ratliff at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Trusty-changes mailing list