Bug#1029651: bullseye-pu: package libxpm/1:3.5.12-1.1~deb11u1
Hi Adam,
On Sat, Feb 04, 2023 at 06:28:28PM +0000, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Wed, 2023-01-25 at 21:32 +0100, Salvatore Bonaccorso wrote:
> > I would like to propose to update libxpm in bullseye as well fixing
> > some no-dsa tagged CVEs by simply rebuilding the package which got
> > uploaded to unstable (without other changes apart from addressing issues):
> >
> > +libxpm (1:3.5.12-1.1~deb11u1) bullseye; urgency=medium
> > +
> > + * Non-maintainer upload.
> > + * Rebuild for bullseye
> > +
> > + -- Salvatore Bonaccorso <carnil@debian.org> Wed, 25 Jan 2023
> > 21:19:41 +0100
> > +
> > +libxpm (1:3.5.12-1.1) unstable; urgency=medium
> > +
> > + * Non-maintainer upload.
> > + * Fix CVE-2022-46285: Infinite loop on unclosed comments
> > + * Fix CVE-2022-44617: Runaway loop with width of 0 and enormous
> > height
> > + * configure: add --disable-open-zfile instead of requiring
> > -DNO_ZPIPE
> > + * Fix CVE-2022-4883: compression commands depend on $PATH
> > + * Prevent a double free in the error code path
> > + * Use gzip -d instead of gunzip
> > + * debian/rules: configure: Set explicitly runtime paths for
> > {,un}compress
> > + and gzip.
> >
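Review bot: the "Prevent a double free in the error code path" entry in the 1:3.5.12-1.1 stanza carries no CVE or bug reference, unlike the three CVE entries around it. Say in the entry whether it is a follow-up to one of those CVE patches or an independent fix, so the scope of the stable update can be read from the changelog alone.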
>
> Please go ahead.
Thank you, have done the upload.
Regards,
Salvatore