Overview

Request 1187057 accepted

- fix CVE-2024-38526 [bsc#1227693] Polyfill Supplay Chain Attack

- version update to 11.7.0
* Release 11.07.00
+ libnetpbm: Fix double free crash when memory allocation via
REALLOCARRAY fails. Introduced in Netpbm 10.40 (September
2007).
+ libnetpbm: Allow color dictionary with more than 1000 entries.
+ ppmhist, ppmtoxpm: Work with color dictionary with more than
1000 color entries.
+ rgb.txt: Add Resene paint colors, 2010.
* Release 11.06.00
+ pamcut: add -reportonly.
+ infotopam: Add input validation.
+ infotopam: Remove input file name from messages. Add -verbose
and issue informational message only if it is specified.
+ libnetpbm: Don't ignore garbage at the end of a color specifier
(e.g. rgbi:0/.5/1xyz).
+ color database: change names of "Spring Green", "Lamp Black",
and "light grey" to "SpringGreen", "LampBlack", and "LightGrey"
to be consistent with other color names.
+ pamcut: fix incorrect output when rectangle to cut is entirely
above the input image. Invisible junk after image. Always
broken. (The ability to cut outside the input image was new in
pamcut's predecessor pnmcut in Netpbm 9.7 (August 2000).
+ pamcut: fix incorrect output with PBM input when rectangle to
cut is entirely below the input image. Invisible junk after
image. Broken in Netpbm 10.44 (September 2008).
+ ppmtowinicon: fix array overrun with 4 and 8 bits per pixel.
Broken in Netpbm 11.05 (December 2023).

Loading...
Request History
Petr Gajdos's avatar

pgajdos created request

- fix CVE-2024-38526 [bsc#1227693] Polyfill Supplay Chain Attack

- version update to 11.7.0
* Release 11.07.00
+ libnetpbm: Fix double free crash when memory allocation via
REALLOCARRAY fails. Introduced in Netpbm 10.40 (September
2007).
+ libnetpbm: Allow color dictionary with more than 1000 entries.
+ ppmhist, ppmtoxpm: Work with color dictionary with more than
1000 color entries.
+ rgb.txt: Add Resene paint colors, 2010.
* Release 11.06.00
+ pamcut: add -reportonly.
+ infotopam: Add input validation.
+ infotopam: Remove input file name from messages. Add -verbose
and issue informational message only if it is specified.
+ libnetpbm: Don't ignore garbage at the end of a color specifier
(e.g. rgbi:0/.5/1xyz).
+ color database: change names of "Spring Green", "Lamp Black",
and "light grey" to "SpringGreen", "LampBlack", and "LightGrey"
to be consistent with other color names.
+ pamcut: fix incorrect output when rectangle to cut is entirely
above the input image. Invisible junk after image. Always
broken. (The ability to cut outside the input image was new in
pamcut's predecessor pnmcut in Netpbm 9.7 (August 2000).
+ pamcut: fix incorrect output with PBM input when rectangle to
cut is entirely below the input image. Invisible junk after
image. Broken in Netpbm 10.44 (September 2008).
+ ppmtowinicon: fix array overrun with 4 and 8 bits per pixel.
Broken in Netpbm 11.05 (December 2023).


Factory Auto's avatar

factory-auto added opensuse-review-team as a reviewer

Please review sources


Factory Auto's avatar

factory-auto accepted review

Check script succeeded


Saul Goodman's avatar

licensedigger accepted review

ok


Ana Guerrero's avatar

anag+factory set openSUSE:Factory:Staging:F as a staging project

Being evaluated by staging project "openSUSE:Factory:Staging:F"


Ana Guerrero's avatar

anag+factory accepted review

Picked "openSUSE:Factory:Staging:F"


Marcus Rueckert's avatar

darix accepted review

Accepted review for by_group opensuse-review-team request 1187057 from user anag+factory


Ana Guerrero's avatar

anag+factory accepted review

Staging Project openSUSE:Factory:Staging:F got accepted.


Ana Guerrero's avatar

anag+factory approved review

Staging Project openSUSE:Factory:Staging:F got accepted.


Ana Guerrero's avatar

anag+factory accepted request

Staging Project openSUSE:Factory:Staging:F got accepted.

openSUSE Build Service is sponsored by