libxpm (1:3.5.12-1ubuntu0.22.04.2) jammy-security; urgency=medium
* SECURITY UPDATE: stack exhaustion from infinite recursion in
PutSubImage() in libx11
- d/p/0004-test-Add-test-case-for-CVE-2023-43786-stack-exhausti.patch
- d/p/0005-Avoid-CVE-2023-43786-stack-exhaustion-in-XPutImage.patch
- CVE-2023-43786
* SECURITY UPDATE: integer overflow in XCreateImage() leading to a heap
overflow in libx11
- d/p/0006-test-Add-test-case-for-CVE-2023-43787-integer-overfl.patch
- d/p/0007-Avoid-CVE-2023-43787-integer-overflow-in-XCreateImag.patch
- CVE-2023-43787
* SECURITY UPDATE: out of bounds read in XpmCreateXpmImageFromBuffer()
- d/p/0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch
- CVE-2023-43788
* SECURITY UPDATE: out of bounds read on XPM with corrupted colormap
- d/p/0003-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch
- CVE-2023-43789
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 02 Oct 2023 16:10:52 -0400
libxpm (1:3.5.12-1ubuntu0.22.04.1) jammy-security; urgency=medium
* SECURITY UPDATE: CPU-consuming loop on width of 0
- debian/patches/CVE-2022-44617-1.patch: add extra checks to
src/data.c, src/parse.c.
- debian/patches/CVE-2022-44617-2.patch: prevent a double free in the
error code path in src/create.c.
- CVE-2022-44617
* SECURITY UPDATE: Infinite loop on unclosed comments
- debian/patches/CVE-2022-46285.patch: handle unclosed comments in
src/data.c.
- CVE-2022-46285
* SECURITY UPDATE: compression commands depend on $PATH
- debian/patches/CVE-2022-4883.patch: don't rely on $PATH to find the
commands in src/RdFToI.c, src/WrFFrI.c.
- CVE-2022-4883
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 16 Jan 2023 12:38:49 -0500
libxpm (1:3.5.12-1build2) jammy; urgency=high
* No change rebuild for ppc64el baseline bump.
-- Julian Andres Klode <juliank@ubuntu.com> Thu, 24 Mar 2022 17:22:04 +0100
libxpm (1:3.5.12-1build1) impish; urgency=medium
* No-change rebuild to build packages with zstd compression.
-- Matthias Klose <doko@ubuntu.com> Thu, 07 Oct 2021 12:19:51 +0200
libxpm (1:3.5.12-1) unstable; urgency=medium
[ Andreas Boll ]
* New upstream release.
* Let uscan verify tarball signatures.
* Improve package description (Closes: #646992). Thanks, Justin B
Rye!
* Switch URLs to https.
* Remove obsolete xsfbs.
* Add placeholder comment into series file.
* Bump debhelper compat to 10.
- Drop build-deps on dh-autoreconf, automake and libtool.
* Stop passing --disable-silent-rules to configure, debhelper does
that for a while.
* Drop no longer needed dpkg-dev versioned build-dependency.
[ Emilio Pozuelo Monfort ]
* Switch to -dbgsym packages.
-- Emilio Pozuelo Monfort <pochu@debian.org> Thu, 22 Dec 2016 17:17:47 +0100
libxpm (1:3.5.11-1) unstable; urgency=medium
* New upstream release.
* Rewrite debian/rules using dh, bump compat to 9, drop xsfbs.
* Remove Cyril from Uploaders.
* Bump x11proto-core-dev build-dep per configure.ac.
* Disable silent build rules.
* Override gzip-file-is-not-multi-arch-same-safe for xpm.PS.gz.
-- Julien Cristau <jcristau@debian.org> Sun, 13 Jul 2014 12:24:10 +0200
libxpm (1:3.5.10-1) unstable; urgency=low
* Clean up libtool m4 files.
* Revert to shipping the doc as PS instead of PDF, so libxpm-dev can be
Multi-Arch: same. Thanks to Jakub Wilk.
* New upstream release.
* Bump debhelper build-dep to 8.1.3 for ${misc:Pre-Depends}.
-- Julien Cristau <jcristau@debian.org> Sat, 21 Apr 2012 11:21:07 +0200
libxpm (1:3.5.9-4) unstable; urgency=low
* Exclude xpmutils from the debug package so it really is multi-arch safe
(closes: #646960). Thanks, Jakub Wilk!
* Don't require fakeroot for debian/rules clean.
* Replace the change from 1:3.5.9-3 with the equivalent fix committed
upstream.
-- Julien Cristau <jcristau@debian.org> Mon, 31 Oct 2011 16:41:44 +0100
libxpm (1:3.5.9-3) unstable; urgency=low
* Apply patch from Ubuntu to fix build failure when using ld --no-add-
needed. Closes: #604494.
-- Steve Langasek <vorlon@debian.org> Fri, 21 Oct 2011 20:21:48 -0700
libxpm (1:3.5.9-2) unstable; urgency=low
[ Cyril Brulebois ]
* Build xpm.pdf from xpm.PS.gz, and use debian/libxpm-dev.docs to
install it. That's the only available documentation we've got, so
let's ship it (Closes: #466081).
* Add ghostscript build-dep, for ps2pdf.
* Fix typo in long descriptions: specificied → specified.
[ Julien Cristau ]
* Remove David from Uploaders.
* Drop Pre-Depends on x11-common, only needed for upgrades from the
monolith.
* Drop Replaces on xbase-clients 6.8.x.
[ Steve Langasek ]
* Build for multiarch.
-- Steve Langasek <vorlon@debian.org> Fri, 21 Oct 2011 15:24:28 -0700
# For older changelog entries, run 'apt-get changelog libxpm4'
Generated by dwww version 1.14 on Thu Jan 23 03:33:44 CET 2025.