Ubuntu
imlib2 package

Change logs for imlib2 source package in Precise

  1. Precise (12.04)
  2. Change log 
  • imlib2 (1.4.4-1ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service (divide-by-zero) via drawing
    a 2x1 ellipse.
    - debian/patches/debian/patches/009_CVE-2011-5326.patch: ensure
      denominators are not zero.
    - CVE-2011-5326
  * SECURITY UPDATE: denial of service (segmentation fault) via a
    GIF image without a colormap.
    - debian/patches/debian/patches/006_CVE-2014-9762.patch: return
      error if no colormap.
    - CVE-2014-9762
  * SECURITY UPDATE: denial of service (divide-by-zero) handling
    PNM files.
    - debian/patches/debian/patches/007_CVE-2014-9763.patch: ensure
      denominators are not zero.
    - CVE-2014-9763
  * SECURITY UPDATE: denial of service (segmentation fault) handling
    certain GIF images
    - debian/patches/debian/patches/008_CVE-2014-9764.patch: check
      for NULL.
    - CVE-2014-9764
  * SECURITY UPDATE: integer overflow leading to denial of service
    - debian/patches/debian/patches/010_CVE-2014-9771.patch: reduce
      maximum allowed image dimensions.
    - CVE-2014-9771
  * SECURITY UPDATE: denial of service due to out-of-bounds read.
    - debian/patches/debian/patches/011_CVE-2016-3993.patch: check
      boundary condition before reading array element.
    - CVE-2016-3993
  * SECURITY UPDATE: out-of-bounds read handling GIFs leading to denial
    of service or information disclosure.
    - debian/patches/debian/patches/012_CVE-2016-3994.patch: ensure
      colormap limits are honored.
    - CVE-2016-3994
  * SECURITY UPDATE: different integer overflow on 32 bit arches
    leading to a denial of service
    - debian/patches/debian/patches/013_CVE-2016-4024.patch: reduce
      allowed dimensions even further.
    - CVE-2016-4024

 -- Steve Beattie <email address hidden>  Thu, 01 Sep 2016 12:59:21 -0700
  • imlib2 (1.4.4-1build1) precise; urgency=low

  * Rebuild for libjpeg8.
 -- Colin Watson <email address hidden>   Tue, 18 Oct 2011 17:26:40 +0100
  • imlib2 (1.4.4-1) unstable; urgency=low

  * New upstream release
  * fixed FTBFS. 1.4.2-8ubuntu1 patch by Matthias Klose. Thanks.
    Closes: #554867
  * 1.4.2-8ubuntu2 patch by Steve Langasek. Thanks.
    + removed dependency_libs from .la files. Closes: #619689
    + use dh overrides for debian/rules
 -- Steve Langasek <email address hidden>   Fri,  03 Jun 2011 06:16:46 +0000