"io-xpm.c in the gdk-pixbuf XPM image rendering library allows attackers
to cause a denial of service (infinite loop) via a crafted XPM image
with a large number of colors."
"Integer overflow in io-xpm.c in gdk-pixbuf allows attackers to cause a
denial of service (crash) or execute arbitrary code via an XPM file with
large height, width, and colour values, a different vulnerability than
CVE-2005-3186."
"Integer overflow in the gdk-pixbuf XPM image rendering library allows
attackers to execute arbitrary code via an XPM file with a number of
colors that causes insufficient memory to be allocated, which leads to
a heap-based buffer overflow."
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3186
"David Costanzo has reported a vulnerability in GdkPixbuf, which can be
exploited by malicious people to crash certain applications on a user's
system.
The vulnerability is caused due to a double free error in the BMP loader.
This can be exploited to crash an application linked against GdkPixbuf
when a specially crafted BMP image is processed."
Bump PKGREVISION. Patch from Fedora.
Schwarz tried to compile it with a compiler that errors out when the code
does something as pointless as checking if a pointer is positive.
PR#28889 and http://bugzilla.gnome.org/show_bug.cgi?id=156186
generated files.
(Not portability) changes since 0.18:
* Made the GIF loader handle animations with frames whose bounds go outside
of the base image's bounds (Federico).
* Made the GIF loader handle zero-sized frames that GifBuilder and
similar crap spits sometimes (Federico).
* The PNM loader doesn't abort() anymore if it cannot allocate memory
(Federico).
* Fixed a g_object_unref() -> gdk_pixbuf_unref() thinko (Federico).
* Merged the patch from Red Hat Linux 8.0 to fix the crash on
corrupted/short GIFs - Ximian 29040 (patch by Elliot Lee).
* Fixed the RGB 565 LSB -> MSB case in gdk-pixbuf-drawable - 79463
(Federico).
* Fixed the update region notification in the BMP loader (Federico).
* Merged the BMP loader changes from GTK+ HEAD -- check all reallocs,
fix 16bpp BI_RGB thinko, properly handle BI_RLE4 and skips and jumps
(changes by Matthias Clasen).
* Merged the ICO loader changes from GTK+ HEAD (changes by Matthias
Clasen).
* Merged changes from gtk+/gdk-pixbuf HEAD into the JPEG loader --
fixes CMYK JPEG problems (changes by Matthias Clasen).
-being here, update to 0.18.0
changes:
* Fixed the RGB 565 MSB -> MSB case in gdk-pixbuf-drawable - #79190
* Fixed alignment issues in the BMP loader - #84083 (Federico).
* Merged pixops.c from GTK+ HEAD as of 2002/Jun/18 (Federico).
buildlink2.mk files back into the main trunk. This provides sufficient
buildlink2 infrastructure to start merging other packages from the
buildlink2 branch that have already been converted to use the buildlink2
framework.
* Merged the endianness conversion fixes from the GDK version into the
Xlib version; oops (Federico).
* Merged fixes from GTK+ 2.0
* Minor documentation improvements (Federico).
* Fixed endianness conversion in the 16-bit gdk-pixbuf-drawable
functions (Federico).
* Minor fixes for the IBM/AIX compiler (Christian Schaller).
* The image loaders are now linked against the pixbuf and GTK+
libraries so that the Python bindings work (Johan Dahlin).
* Backported the BMP loader from GTK+ 1.3 (Federico).
* Added support for BI_BITFIELDS coding to the BMP loader [Ximian bug
#12125] (Federico).
* Fixed stupid bug in the ICO loader. ICO pixbufs should always have
an alpha channel [Ximian bug #11224]. (Federico)
* Slight tweaks to the documentation Makefile. (Federico)
* Added support for 16-bpp BMPs and ICOs (Federico).
* Added support for 32-bpp ICOs (Federico).
* Use the correct visual and colormap for the pixbuf-demo widgets
* Install the headers in a versioned directory so that they don't
collide with the GNOME 2 platform (Havoc).
* Made the GdkPixbufLoader headers usable by C++ compilers by
replacing "private" with "priv"
* Replaced the documentation Makefile with one similar to that in GTK+
HEAD