Overview
Request 658864 accepted
- Update to 1.77.0
  * CVE-2018-7442: potential injection attack because '/' is allowed in gplot
    rootdir. (bsc#1082748)
  * CVE-2018-7186: number of characters not limited in fscanf or sscanf,
    allowing possible attack with buffer overflow. (bsc#1081576)
  * CVE-2018-3836: command injection vulnerability in gplotMakeOutput().
    (bsc#1079358)
  * CVE-2017-18196: duplicated path components. (bsc#1082843)
  * CVE-2018-7441: hardcoded /tmp pathnames. (bsc#1082749)
  * CVE-2018-7247: input 'rootname' can overflow a buffer. (bsc#1081631)
  * CVE-2018-7440: command injection in gplotMakeOutput using $(command).
    (bsc#1082747)
  * Using a packed struct for bmp headers to avoid crash on some big-endians.
  * Fixed a bug in the prototype parser for xtractprotos that was
    surfaced by a typedef declaration for the bmp headers.
  * Added some basic pixa functions for rotation and translation.
  * Added an iterative method to find rectangular coverings for arbitrary
    connected components.
  * Enabled read/write for standard jpeg compressed tiff images.
  * Enabled reading for the old (deprecated) jpeg-encoded tiffs.
  * Fix range selectors for pixa, pixaa, boxa, boxaa, pta: Now, last = -1 goes
    to the end.
  * When reading tiff --> pix, insert IMAGEDESCRIPTION into text field.
Request History
kbabioch created request
Lazy_Kent accepted request
Thanks!