Package: lcms2 / 2.8-4+deb9u1

Metadata

Package Version Patches format
lcms2 2.8-4+deb9u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
prepare for libtoolizing.patch | (download)

configure.ac | 9 9 + 0 - 0 !
testbed/Makefile.am | 2 1 + 1 - 0 !
utils/transicc/Makefile.am | 2 1 + 1 - 0 !
3 files changed, 11 insertions(+), 2 deletions(-)

 link transicc and testbed binaries against libmath
 The bug fix for Debian bug #745748 (introduction of ppc64el) requires running
 libtool at build time. This results in some unresolved sybmols due to a missing
 linkage to libmath.
dont write uninitialized memory for color strings.patch | (download)

src/cmstypes.c | 8 8 + 0 - 0 !
1 file changed, 8 insertions(+)

 zero named color strings before writing them
 For each named colors (namedColor2Type) a prefix, a suffix and the
 color root name get written. These three strings are 32-characters long.
 In order to avoid capturing unitialized memory—which is not good for
 privacy and prevent getting the same bytes for the same profile—the
 placeholder allocated on the stack are zero'ed before a copy of the
 actual string is made.
 .
lcms2 fix strFrom16 byte order.patch | (download)

src/cmsnamed.c | 16 4 + 12 - 0 !
1 file changed, 4 insertions(+), 12 deletions(-)

 fix endianness regression from 2.7 to 2.8
fix CVE 2016 10165.patch | (download)

src/cmstypes.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 fix for cve-2016-10165
 Fixes an out-of-bounds read in Type_MLU_Read()
CVE 2018 16435.patch | (download)

src/cmscgats.c | 12 9 + 3 - 0 !
1 file changed, 9 insertions(+), 3 deletions(-)

---