Change log for libxpm package in Debian

1-16 of 16 results
Published in bullseye-release
libxpm (1:3.5.12-1.1+deb11u1) bullseye-security; urgency=high

  * CVE-2023-43788: out of bounds read in XpmCreateXpmImageFromBuffer()
  * CVE-2023-43789: out of bounds read on XPM with corrupted colormap
  * Avoid CVE-2023-43786: stack exhaustion in XPutImage()
  * Avoid CVE-2023-43787 (integer overflow in XCreateImage)

 -- Julien Cristau <email address hidden>  Tue, 03 Oct 2023 11:59:05 +0200
Published in bookworm-release
libxpm (1:3.5.12-1.1+deb12u1) bookworm-security; urgency=high

  * CVE-2023-43788: out of bounds read in XpmCreateXpmImageFromBuffer()
  * CVE-2023-43789: out of bounds read on XPM with corrupted colormap
  * Avoid CVE-2023-43786: stack exhaustion in XPutImage()
  * Avoid CVE-2023-43787 (integer overflow in XCreateImage)

 -- Julien Cristau <email address hidden>  Tue, 03 Oct 2023 11:59:05 +0200
Published in sid-release
libxpm (1:3.5.17-1) unstable; urgency=high

  [ Timo Aaltonen ]
  * New upstream release.
    - CVE-2023-43788: out of bounds read in XpmCreateXpmImageFromBuffer()
    - CVE-2023-43789: out of bounds read on XPM with corrupted colormap
  * control: Migrate to x11proto-dev.
  * Update signing-key.
  * patches: All patches upstream, drop them.

  [ Debian Janitor ]
  * Remove constraints unnecessary since buster:
    + Build-Depends: Drop versioned constraint on libx11-dev, libxext-dev,
      libxt-dev and xutils-dev.

  [ Julien Cristau ]
  * Update Vcs-* control fields.
  * Add ncompress build-dependency for the test suite.
  * Install man pages in libxpm-dev.

 -- Julien Cristau <email address hidden>  Thu, 05 Oct 2023 14:24:36 +0200
Superseded in bullseye-release
libxpm (1:3.5.12-1.1~deb11u1) bullseye; urgency=medium

  * Non-maintainer upload.
  * Rebuild for bullseye

 -- Salvatore Bonaccorso <email address hidden>  Wed, 25 Jan 2023 21:19:41 +0100
Superseded in bookworm-release
Superseded in sid-release
libxpm (1:3.5.12-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix CVE-2022-46285: Infinite loop on unclosed comments
  * Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height
  * configure: add --disable-open-zfile instead of requiring -DNO_ZPIPE
  * Fix CVE-2022-4883: compression commands depend on $PATH
  * Prevent a double free in the error code path
  * Use gzip -d instead of gunzip
  * debian/rules: configure: Set explicitly runtime paths for {,un}compress
    and gzip.

 -- Salvatore Bonaccorso <email address hidden>  Mon, 16 Jan 2023 21:01:44 +0100
Published in jessie-release
libxpm (1:3.5.12-0+deb8u1) jessie-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * New upstream version 3.5.12
    - Fix abs() usage
    - Fix out of boundary read on unknown colors
    - Gracefully handle EOF while parsing files
    - Avoid OOB write when handling malicious XPM files (CVE-2016-10164)
    - Handle size_t in file/buffer length

 -- Salvatore Bonaccorso <email address hidden>  Wed, 25 Jan 2017 21:19:49 +0100
Superseded in bullseye-release
Published in buster-release
Published in stretch-release
Superseded in sid-release
libxpm (1:3.5.12-1) unstable; urgency=medium

  [ Andreas Boll ]
  * New upstream release.
  * Let uscan verify tarball signatures.
  * Improve package description (Closes: #646992).  Thanks, Justin B
    Rye!
  * Switch URLs to https.
  * Remove obsolete xsfbs.
  * Add placeholder comment into series file.
  * Bump debhelper compat to 10.
    - Drop build-deps on dh-autoreconf, automake and libtool.
  * Stop passing --disable-silent-rules to configure, debhelper has done
    that for a while.
  * Drop no longer needed dpkg-dev versioned build-dependency.

  [ Emilio Pozuelo Monfort ]
  * Switch to -dbgsym packages.

 -- Emilio Pozuelo Monfort <email address hidden>  Thu, 22 Dec 2016 17:17:47 +0100

Superseded in stretch-release
Superseded in jessie-release
Superseded in sid-release
libxpm (1:3.5.11-1) unstable; urgency=medium


  * New upstream release.
  * Rewrite debian/rules using dh, bump compat to 9, drop xsfbs.
  * Remove Cyril from Uploaders.
  * Bump x11proto-core-dev build-dep per configure.ac.
  * Disable silent build rules.
  * Override gzip-file-is-not-multi-arch-same-safe for xpm.PS.gz.

 -- Julien Cristau <email address hidden>  Sun, 13 Jul 2014 12:24:10 +0200

Superseded in jessie-release
Published in wheezy-release
Superseded in sid-release
libxpm (1:3.5.10-1) unstable; urgency=low


  * Clean up libtool m4 files.
  * Revert to shipping the doc as PS instead of PDF, so libxpm-dev can be
    Multi-Arch: same.  Thanks to Jakub Wilk.
  * New upstream release.
  * Bump debhelper build-dep to 8.1.3 for ${misc:Pre-Depends}.

 -- Julien Cristau <email address hidden>  Sat, 21 Apr 2012 11:21:07 +0200

Superseded in wheezy-release
Superseded in sid-release
libxpm (1:3.5.9-4) unstable; urgency=low


  * Exclude xpmutils from the debug package so it really is multi-arch safe
    (closes: #646960).  Thanks, Jakub Wilk!
  * Don't require fakeroot for debian/rules clean.
  * Replace the change from 1:3.5.9-3 with the equivalent fix committed
    upstream.

 -- Julien Cristau <email address hidden>  Mon, 31 Oct 2011 16:41:44 +0100
Superseded in sid-release
libxpm (1:3.5.9-3) unstable; urgency=low


  * Apply patch from Ubuntu to fix build failure when using ld
    --no-add-needed. Closes: #604494.

 -- Steve Langasek <email address hidden>  Fri, 21 Oct 2011 19:58:12 -0700
Superseded in sid-release
libxpm (1:3.5.9-2) unstable; urgency=low


  [ Cyril Brulebois ]
  * Build xpm.pdf from xpm.PS.gz, and use debian/libxpm-dev.docs to
    install it. That's the only available documentation we've got, so
    let's ship it (Closes: #466081).
  * Add ghostscript build-dep, for ps2pdf.
  * Fix typo in long descriptions: specificied → specified.

  [ Julien Cristau ]
  * Remove David from Uploaders.
  * Drop Pre-Depends on x11-common, only needed for upgrades from the
    monolith.
  * Drop Replaces on xbase-clients 6.8.x.

  [ Steve Langasek ]
  * Build for multiarch.

 -- Steve Langasek <email address hidden>  Fri, 21 Oct 2011 15:24:28 -0700
Superseded in wheezy-release
Superseded in sid-release
libxpm (1:3.5.9-1) unstable; urgency=low


  [ Julien Cristau ]
  * Remove myself from Uploaders.
  * Rename the build directory to not include DEB_BUILD_GNU_TYPE for no
    good reason.  Thanks, Colin Watson!

  [ Cyril Brulebois ]
  * New upstream release.
  * Bump xutils-dev build-dep for new macros.
  * Update debian/copyright from upstream COPYING.
  * Drop debian/libxpm-dev.docs, xpm.PS is gone.
  * Switch from --list-missing to --fail-missing for additional safety.
  * Exclude libXpm.la from dh_install accordingly.
  * Add myself to Uploaders.

 -- Cyril Brulebois <email address hidden>  Fri, 19 Nov 2010 10:59:03 +0100
Published in squeeze-release
Superseded in sid-release
libxpm (1:3.5.8-1) unstable; urgency=low


  [ Timo Aaltonen ]
  * New upstream release.
  * Bump the build-dep on xutils-dev (>= 1:7.5~1).

  [ Julien Cristau ]
  * Bump Standards-Version to 3.8.3.

 -- Julien Cristau <email address hidden>  Wed, 25 Nov 2009 19:31:08 +0100
Superseded in sid-release
Superseded in squeeze-release
libxpm (1:3.5.7-2) unstable; urgency=low


  [ Julien Cristau ]
  * Drop -1 debian revisions from build-deps.
  * Bump Standards-Version to 3.7.3.
  * Drop the XS- prefix from Vcs-* control fields.
  * libxpm4{,-dbg} don't need to depend on x11-common.
  * Add xpm.PS.gz to the -dev package (closes: #525551).
  * Don't handle nostrip in DEB_BUILD_OPTIONS explicitly, dh_strip does the
    right thing.
  * Use filter instead of findstring to parse DEB_BUILD_OPTIONS in
    debian/rules.
  * Add README.source, bump Standards-Version to 3.8.1.
  * Run autoreconf at build time.
  * Allow parallel builds.
  * Move -dbg package to new debug section.
  * Don't pass -l and -L options to dh_shlibdeps, it seems to be useless
    nowadays.

  [ Brice Goglin ]
  * Add a link to www.X.org and a reference to the upstream module
    in the long description.

 -- Julien Cristau <email address hidden>  Wed, 10 Jun 2009 14:59:30 +0200
Superseded in squeeze-release
Superseded in sid-release
Published in lenny-release
libxpm (1:3.5.7-1) unstable; urgency=low


  * New upstream release.
  * Add the upstream URL to debian/copyright.
  * Use binary:Version instead of the deprecated Source-Version.
  * Add myself to uploaders, and remove Branden with his permission.

 -- Julien Cristau <email address hidden>  Sat, 25 Aug 2007 10:50:50 +0200