[ANNOUNCE] libXpm 3.5.15
Alan Coopersmith
alan.coopersmith at oracle.com
Tue Jan 17 16:45:05 UTC 2023
libXpm - X Pixmap (XPM) image file format library
-------------------------------------------------
This release contains fixes for the issues reported in today's security
advisory: https://lists.x.org/archives/xorg-announce/2023-January/003312.html
It also adds a new configure option --disable-open-zfile that makes it easy
for people building libXpm to completely disable the code to fork compression
and uncompression programs if they do not have a need for it in their use case.
The README.md file has been updated to document both of the configure options
to control the optional compression handling features.
Alan Coopersmith (12):
man pages: Fix typos and other minor editing
man pages: Replace "See Also" entries with more useful ones
man pages: Apply standard man page style/formatting
configure: add --disable-open-zfile instead of requiring -DNO_ZPIPE
test: Add unit tests using glib framework
cxpm: getc/ungetc wrappers should not adjust position when c == EOF
test: add test case for CVE-2022-46285 (unclosed comments)
Fix CVE-2022-46285: Infinite loop on unclosed comments
test: add test cases for CVE-2022-44617 (zero-width w/enormous height)
Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height
Fix CVE-2022-4883: compression commands depend on $PATH
libXpm 3.5.15
Matthieu Herrb (1):
Prevent a double free in the error code path
Peter Hutterer (1):
Use gzip -d instead of gunzip
git tag: libXpm-3.5.15
https://xorg.freedesktop.org/archive/individual/lib/libXpm-3.5.15.tar.gz
SHA256: 2a9bd419e31270593e59e744136ee2375ae817322447928d2abb6225560776f9 libXpm-3.5.15.tar.gz
SHA512: 85f28a3bd63a9c919cc4cbdb327ec5aa64a87c5ccb10af448b8baf37c26f3b59aaf12af2389267e3e6f563456193a3f478690da743e84fe51573022345f34a93 libXpm-3.5.15.tar.gz
PGP: https://xorg.freedesktop.org/archive/individual/lib/libXpm-3.5.15.tar.gz.sig
https://xorg.freedesktop.org/archive/individual/lib/libXpm-3.5.15.tar.xz
SHA256: 60bb906c5c317a6db863e39b69c4a83fdbd2ae2154fcf47640f8fefc9fdfd1c1 libXpm-3.5.15.tar.xz
SHA512: 955d716fcea2c9d868ab941c56f017b39bfa0f47fd2904e9b04c6a9be17f23f8b8c906da9c90a89a789f1f399d419641705ff5b6f9921820e34d4807c7a1992f libXpm-3.5.15.tar.xz
PGP: https://xorg.freedesktop.org/archive/individual/lib/libXpm-3.5.15.tar.xz.sig
--
-Alan Coopersmith- alan.coopersmith at oracle.com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.x.org/archives/xorg-announce/attachments/20230117/f276cb58/attachment.sig>
More information about the xorg-announce
mailing list