Univention Bugzilla – Bug 50148
libcaca: Multiple issues (4.4)
Last modified: 2019-09-11 15:25:42 CEST
New Debian libcaca 0.99.beta19-2.1~deb9u1 fixes: This update addresses the following issues: * There is floating point exception at caca/dither.c (function caca_dither_bitmap) in libcaca 0.99.beta19. (CVE-2018-20544) * There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data. (CVE-2018-20545) * There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case. (CVE-2018-20546) * There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data. (CVE-2018-20547) * There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data. (CVE-2018-20548) * There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19. (CVE-2018-20549)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/libcaca_0.99.beta19-2.dsc +++ apt/ucs_4.4-0-errata4.4-1/source/libcaca_0.99.beta19-2.1~deb9u1.dsc @@ -1,3 +1,15 @@ +0.99.beta19-2.1~deb9u1 [Wed, 28 Aug 2019 18:09:58 +0200] Andreas Beckmann <anbe@debian.org>: + + * Non-maintainer upload. + * Rebuild for stretch. + +0.99.beta19-2.1 [Sat, 06 Apr 2019 22:18:41 +0200] Tobias Frost <tobi@debian.org>: + + * Non-maintainer upload. + * Cherry-Pick fixes from upstream git repository: + - CVE-2018-20545, CVE-2018-20546, CVE-2018-20547,CVE-2018-20548 and + CVE-2018-20549 (Closes: #917807) + 0.99.beta19-2 [Mon, 02 Jun 2014 22:38:19 +0200] Sam Hocevar <sho@debian.org>: * debian/patches/100_doxygen.diff: remove deprecated Doxygen variables. <http://10.200.17.11/4.4-1/#5476950221731122545>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-1] 8569be0010 Bug #50148: libcaca 0.99.beta19-2.1~deb9u1 doc/errata/staging/libcaca.yaml | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) [4.4-1] ff8f9886b9 Bug #50148: libcaca 0.99.beta19-2.1~deb9u1 doc/errata/staging/libcaca.yaml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+)
<http://errata.software-univention.de/ucs/4.4/257.html>