tags 505714 + patch pending
thanks
Hi Laurance,
Here is the NMU for imlib2 (versioned as 1.4.0-1.2) and to be uploaded.
Kind regards
T.
diff -u imlib2-1.4.0/debian/control imlib2-1.4.0/debian/control
--- imlib2-1.4.0/debian/control
+++ imlib2-1.4.0/debian/control
@@ -2,7 +2,7 @@
Section: libs
Priority: optional
Maintainer: Laurence J. Lane <[EMAIL PROTECTED]>
-Build-Depends: libjpeg62-dev, libpng12-dev, libtiff4-dev, zlib1g-dev,
libungif4-dev, libx11-dev, libxext-dev, libfreetype6-dev, cdbs, libltdl3-dev,
libbz2-dev, libid3tag0-dev, debhelper (>> 5)
+Build-Depends: libjpeg62-dev, libpng12-dev, libtiff4-dev, zlib1g-dev,
libgif-dev, libx11-dev, libxext-dev, libfreetype6-dev, cdbs, libltdl3-dev,
libbz2-dev, libid3tag0-dev, debhelper (>> 5)
Standards-Version: 3.7.2
Package: libimlib2
@@ -22,7 +22,7 @@
Architecture: any
Section: libdevel
Replaces: libimlib2
-Depends: libimlib2 (=${binary:Version}), libc6-dev, libjpeg62-dev,
libpng12-dev, libtiff4-dev, zlib1g-dev, libungif4-dev, libx11-dev, libxext-dev,
libfreetype6-dev, libltdl3-dev
+Depends: libimlib2 (=${binary:Version}), libc6-dev, libjpeg62-dev,
libpng12-dev, libtiff4-dev, zlib1g-dev, libgif-dev, libx11-dev, libxext-dev,
libfreetype6-dev, libltdl3-dev
Description: Imlib2 development files
Headers, static libraries and documentation for developing
software that uses Imlib2.
diff -u imlib2-1.4.0/debian/libimlib2-dev.doc-base
imlib2-1.4.0/debian/libimlib2-dev.doc-base
--- imlib2-1.4.0/debian/libimlib2-dev.doc-base
+++ imlib2-1.4.0/debian/libimlib2-dev.doc-base
@@ -3,7 +3,7 @@
Author: Carsten Haitzler
Abstract: This document describes Imlib2 API
and provides sample C code.
-Section: Apps/Programming
+Section: Programming
Format: HTML
Index: /usr/share/doc/libimlib2-dev/html/index.html
diff -u imlib2-1.4.0/debian/changelog imlib2-1.4.0/debian/changelog
--- imlib2-1.4.0/debian/changelog
+++ imlib2-1.4.0/debian/changelog
@@ -1,3 +1,13 @@
+imlib2 (1.4.0-1.2) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Fix crash in XPM loader. Bug and test case by Julien Danjou, patch by
+ Peter De Wachter, thanks! Closes: #505714 aka CVE-2008-5187
+ * Change libungif4-dev to libgif-dev in (Build-)Depends.
+ * Fix doc-base section to drop Apps/.
+
+ -- Thomas Viehmann <[EMAIL PROTECTED]> Sat, 22 Nov 2008 10:45:27 +0100
+
imlib2 (1.4.0-1.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
diff -u imlib2-1.4.0/src/modules/loaders/loader_xpm.c
imlib2-1.4.0/src/modules/loaders/loader_xpm.c
--- imlib2-1.4.0/src/modules/loaders/loader_xpm.c
+++ imlib2-1.4.0/src/modules/loaders/loader_xpm.c
@@ -246,8 +246,8 @@
return 0;
}
ptr = im->data;
- end = ptr + (sizeof(DATA32) * w * h);
pixels = w * h;
+ end = ptr + pixels;
}
else
{
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
