[ubuntu/lunar-proposed] libxpm 1:3.5.12-1ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Jan 17 18:59:14 UTC 2023


libxpm (1:3.5.12-1ubuntu1) lunar; urgency=medium

  * SECURITY UPDATE: CPU-consuming loop on width of 0
    - debian/patches/CVE-2022-44617-1.patch: add extra checks to
      src/data.c, src/parse.c.
    - debian/patches/CVE-2022-44617-2.patch: prevent a double free in the
      error code path in src/create.c.
    - CVE-2022-44617
  * SECURITY UPDATE: Infinite loop on unclosed comments
    - debian/patches/CVE-2022-46285.patch: handle unclosed comments in
      src/data.c.
    - CVE-2022-46285
  * SECURITY UPDATE: compression commands depend on $PATH
    - debian/patches/CVE-2022-4883.patch: don't rely on $PATH to find the
      commands in src/RdFToI.c, src/WrFFrI.c.
    - CVE-2022-4883

Date: Mon, 16 Jan 2023 12:38:49 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/libxpm/1:3.5.12-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Mon, 16 Jan 2023 12:38:49 -0500
Source: libxpm
Built-For-Profiles: noudeb
Architecture: source
Version: 1:3.5.12-1ubuntu1
Distribution: lunar
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 libxpm (1:3.5.12-1ubuntu1) lunar; urgency=medium
 .
   * SECURITY UPDATE: CPU-consuming loop on width of 0
     - debian/patches/CVE-2022-44617-1.patch: add extra checks to
       src/data.c, src/parse.c.
     - debian/patches/CVE-2022-44617-2.patch: prevent a double free in the
       error code path in src/create.c.
     - CVE-2022-44617
   * SECURITY UPDATE: Infinite loop on unclosed comments
     - debian/patches/CVE-2022-46285.patch: handle unclosed comments in
       src/data.c.
     - CVE-2022-46285
   * SECURITY UPDATE: compression commands depend on $PATH
     - debian/patches/CVE-2022-4883.patch: don't rely on $PATH to find the
       commands in src/RdFToI.c, src/WrFFrI.c.
     - CVE-2022-4883
Original-Maintainer: Debian X Strike Force <debian-x at lists.debian.org>

