Univention Bugzilla – Bug 48453
libcaca: Multiple issues (4.2)
Last modified: 2019-01-16 13:40:10 CET
New Debian libcaca 0.99.beta19-2+deb8u1 fixes:

This update addresses the following issues:
* floating point exception at caca/dither.c:1013 function caca_dither_bitmap() (CVE-2018-20544)
* illegal READ memory access at caca/dither.c:1347 function get_rgba_default() (CVE-2018-20546)
* illegal READ memory access at caca/dither.c:1337 function get_rgba_default() (CVE-2018-20547)
* illegal WRITE memory access at caca/file.c function caca_file_read() (CVE-2018-20549)
--- mirror/ftp/4.2/unmaintained/4.2-0/source/libcaca_0.99.beta19-2.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/libcaca_0.99.beta19-2+deb8u1.dsc @@ -1,3 +1,12 @@ +0.99.beta19-2+deb8u1 [Wed, 09 Jan 2019 22:44:10 +0100] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload by the LTS team. + * Fix CVE-2018-20544, CVE-2018-20546, CVE-2018-20547 and CVE-2018-20549. + Several vulnerabilities were discovered in libcaca, a graphics library that + outputs text: integer overflows, floating point exceptions or invalid + memory reads may lead to a denial-of-service (application crash) + if a malformed image file is processed. + 0.99.beta19-2 [Mon, 02 Jun 2014 22:38:19 +0200] Sam Hocevar <sho@debian.org>: * debian/patches/100_doxygen.diff: remove deprecated Doxygen variables. <http://10.200.17.11/4.2-5/#1235038388761162408>
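Review bot: The impact summary in the added 0.99.beta19-2+deb8u1 entry lists "integer overflows, floating point exceptions or invalid memory reads" but no invalid write, while this bug describes CVE-2018-20549 as an illegal WRITE memory access in caca_file_read(); the entry should mention invalid memory writes too, so the stated impact covers all four CVEs it names. The entry also does not say which files under debian/patches carry the fixes, unlike the 0.99.beta19-2 entry below it, which names debian/patches/100_doxygen.diff; listing one patch file per CVE would make the upload easier to audit.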
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.2-5] 877b8912b3 Bug #48453: libcaca_0.99.beta19-2+deb8u1
 doc/errata/staging/libcaca.yaml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
<http://errata.software-univention.de/ucs/4.2/578.html>