freeimage: multiple vulnerabilities in embedded code copies

Bug #898825 reported by Cosme Domínguez on 2011-12-01
Affects: freeimage (Ubuntu)
Importance: Undecided
Assigned to: Unassigned

Bug Description

Ubuntu ships Freeimage 3.13.1 and upstream has 3.15.1

* libtiff (from 3.9.2 to 3.9.5)
  - CVE-2010-1411
  - CVE-2009-2347

* libpng (from 1.2.41 to 1.5.4)
  - CVE-2010-1205
  - CVE-2011-2690
  - CVE-2011-2691
  - CVE-2011-2692

Cosme Domínguez (cosme) on 2011-12-01
description: updated
visibility: private → public
Launchpad Janitor (janitor) wrote:

This bug was fixed in the package freeimage - 3.15.1-1

---------------
freeimage (3.15.1-1) unstable; urgency=low

  [ Evan Broder ]
  * QA upload.
  * New upstream release (closes: 649541, LP: #898825, #898845)
    - Refreshed patches.
      + Abuse dh-autoreconf to generate Makefile.srcs and fipMakefile.srcs
        patches at build time
    - Update debian/freeimage-get-orig-source for the new version.
    - Add new build-dep libraw-dev.
    - Update patch to disable embedded libraries to deal with API changes
      in libpng, libmng, and libraw.
    - Make sure we install symlinks for libfreeimageplus.
    - Use (upstream-supported) CFLAGS instead of COMPILERFLAGS.
  * Switch to source format 3.0 (quilt)
  * Switch to dh(1) and debhelper compat 8
  * Add missing misc:Depends.
  * Include the upstream changelog.
  * Update Debian standards version (no other changes needed).

  [ Stefano Rivera ]
  * Dropped README.source.
  * Updated freeimage (3.9.5) fixes CVE-2011-1167, CVE-2011-0192,
    CVE-2010-2595
  * Override lintian's embedded-library error for libtiff. It wasn't
    extricable.

 -- Evan Broder <email address hidden> Tue, 06 Dec 2011 14:31:21 +0200

Changed in freeimage (Ubuntu):
status: New → Fix Released
This report contains Public Security information
Everyone can see this security related information.