-
gdk-pixbuf (2.36.5-3ubuntu0.2) zesty-security; urgency=medium
  * SECURITY UPDATE: Integer overflow checks not enough
    - debian/patches/CVE-2017-2870.patch: checks for integer overflow
      in multiplication in gdk-pixbuf/io-tiff.c.
    - CVE-2017-2870
  * SECURITY UPDATE: exploitable heap overflow
    - debian/patches/CVE-2017-2862-part1.patch: Throw error
      when number of colour components is unsupported in
      gdk-pixbuf/io-jpeg.c.
    - debian/patches/CVE-2017-2862-part2.patch: restore grayscale
      support in gdk-pixbuf/io-jpeg.c
    - debian/patches/CVE-2017-2862-part3.patch: add test in
      tests/pixbuf-fail.c.
    - CVE-2017-2862
  * SECURITY UPDATE: context-dependent to cause DoS
    - debian/patches/CVE-2017-6311-part1.patch: update skeleton to fix
      a possible crash in thumbnailer/gnome-thumbnailer-skeleton.c.
    - debian/patches/CVE-2017-6311-part2.patch: return an error if the
      ICO didn't load in gdk-pixbuf/io-ico.c.
    - CVE-2017-6311
 -- <email address hidden> (Leonidas S. Barbosa) Wed, 13 Sep 2017 16:51:56 -0300
-
gdk-pixbuf (2.36.5-3) experimental; urgency=medium
  [ Jeremy Bicha ]
  * Add new libgdk-pixbuf2.0-bin package to install thumbnailer
    binary and metadata needed by gnome-desktop 3.23 (LP: #1665602)
  * Have libgdk-pixbuf2.0-0 recommend libgdk-pixbuf2.0-bin
  * debian/rules: Change dh_install's --list-missing to --fail-missing to
    catch this issue sooner next time
  [ Iain Lane ]
  * debian/rules: Don't use -X.la - it's error prone as it does substring
    matching instead of globbing. Instead use `find ... -delete' to remove
    *.la files explicitly.
  * debian/control.*: Update Vcs-* for branch.
 -- Jeremy Bicha <email address hidden> Tue, 14 Mar 2017 16:05:47 +0000
-
gdk-pixbuf (2.36.5-1) experimental; urgency=medium
  * Branch to experimental - update Vcs-*
  * New upstream release 2.36.5
    + Fix mimetypes for thumbnailer
    + Handle fseek failure
    + Fix signed/unsigned handling
    + Fix an overflow check
    + Handle extreme scaling better
  * Bump libglib2.0 BD to 2.48.0, per configure.ac
  * Try replacing d/p/01-disable-oom-test.patch with
    d/p/0001-skip-perturb-for-cve-2015-4491-original-test.patch: This should
    ideally allow the test to be run without OOMing, which is better than not
    running it at all. (The proper fix is still to be investigated.)
 -- Iain Lane <email address hidden> Tue, 14 Feb 2017 11:36:07 +0000
-
gdk-pixbuf (2.36.5-0ubuntu1) zesty; urgency=medium
  * New upstream release (LP: #1664288)
 -- Jeremy Bicha <email address hidden> Mon, 13 Feb 2017 11:20:38 -0500
-
gdk-pixbuf (2.36.4-1) unstable; urgency=medium
  * New upstream release.
 -- Emilio Pozuelo Monfort <email address hidden> Tue, 17 Jan 2017 00:45:42 +0100
-
gdk-pixbuf (2.36.3-1) unstable; urgency=medium
  [ Emilio Pozuelo Monfort ]
  * New upstream release.
 -- Iain Lane <email address hidden> Mon, 09 Jan 2017 14:23:04 +0000
-
gdk-pixbuf (2.36.2-1) unstable; urgency=medium
  * New upstream release.
 -- Michael Biebl <email address hidden> Thu, 22 Dec 2016 02:20:02 +0100
-
gdk-pixbuf (2.36.0-1ubuntu1) zesty; urgency=medium
  * Sync with Debian (LP: #1643222). Remaining change:
    - Unset MALLOC_PERTURB_ for the /pixbuf/cve-2015-4491/original test, as
      it fails with OOM, or gets OOM killed.
  * Drop CVE-2016-6352.patch, the fix was applied in new upstream version
 -- Jeremy Bicha <email address hidden> Sat, 19 Nov 2016 12:50:45 -0500
-
gdk-pixbuf (2.34.0-1ubuntu2) yakkety; urgency=medium
  * SECURITY UPDATE: Fixes for write out-of-bounds error
    - debian/patches/CVE-2016-6352.patch: Be more careful when parsing ico
      headers. Based on upstream patch.
    - CVE-2016-6352
 -- Emily Ratliff <email address hidden> Fri, 02 Sep 2016 17:30:17 -0500