[Bug 344397] [NEW] Sync libtk-img 1:1.3-release-8 (universe) from Debian unstable (main).
Launchpad Bug Tracker
344397 at bugs.launchpad.net
Tue Mar 17 17:18:10 GMT 2009
You have been subscribed to a public bug by Kees Cook (kees):
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
affects ubuntu/libtk-img
status confirmed
importance wishlist
subscribe ubuntu-archive
Please sync libtk-img 1:1.3-release-8 (universe) from Debian unstable
(main).
Changelog since current jaunty version 1:1.3-release-7:
libtk-img (1:1.3-release-8) unstable; urgency=high
* Applied patch by Nico Golde (previously created for Tk 8.4) which fixes
security vulnerability CVE-2007-5137 arbitrary code execution via
multi-frame interlaced GIF.
* Applied patch by Nico Golde (previously created for Tk 8.4) which fixes
security vulnerability CVE-2007-5378 overflow triggered by crafted
GIF file (closes: #519072).
* Set urgency to high as this upload fixes security vulnerabilities.
* Mangled Debian version and use SF redirector in debian/watch uscan control
file.
* Overridden lintian warning on an ancient libtool version in libjpeg
subdirectory because it isn't used when building the binary package.
-- Sergei Golovan <sgolovan at debian.org> Sat, 14 Mar 2009 08:42:09
+0300
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Kees Cook <kees at outflux.net>
iEYEARECAAYFAkm/2yEACgkQH/9LqRcGPm0hnACfeoDr6le3KMZ96OTcONMjYETo
jc0Ani1m5gNisitDDiF3QGN79hb6wK/W
=h6ll
-----END PGP SIGNATURE-----
** Affects: libtk-img (Ubuntu)
Importance: Wishlist
Status: Confirmed
--
Sync libtk-img 1:1.3-release-8 (universe) from Debian unstable (main).
https://bugs.launchpad.net/bugs/344397
You received this bug notification because you are a member of Ubuntu Package Archive Administrators, which is a direct subscriber.
More information about the ubuntu-archive
mailing list