File _patchinfo of Package patchinfo.5576

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.5576

<patchinfo incident="5576">
  <issue id="988745" tracker="bnc">VUL-0: gdk-pixbuf: bmp decoder: Integer overflow in DecodeHeader causes out of bounds heap read in Oneline32</issue>
  <issue id="991450" tracker="bnc">VUL-0: CVE-2016-6352: gdk-pixbuf: Out-of-bounds write in OneLine32() function</issue>
  <issue id="2016-6352" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>mgorse</packager>
  <description>
gdk-pixbuf was updated to 2.32.3 to fix the following issues:

Update to version 2.32.3:
  + Fix two crashes in the bmp loader (bgo#747605, bgo#758991)
  + ico: integer overflow fixes
  + Avoid some integer overflow possibilities in scaling code
  + Make relocations optional
  + Fix a crash due to overflow when scaling
  + Drop loaders for some rare image formats: wbmp, ras, pcx
  + Prevent testsuite failures due to lack of memory
  + Fix animation loading (bgo#755269)
  + More overflow fixes in the scaling code (bgo#754387)
  + Fix a crash in the tga loader
  + Fix several integer overflows (bgo#753908, bgo#753569)
  + Port animations to GTask
  + Translation updates
- Add fixes for some crashes, taken from upstream git (boo#988745 boo#991450 CVE-2016-6352):
</description>
  <summary>Security update for gdk-pixbuf</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.5576

Places