Public bug reported:
Ubuntu Nobble is currently at ogdi 4.1.1+ds-3, but Debian has just
applied in https://salsa.debian.org/debian-gis-team/ogdi-
dfsg/-/commit/bd47d6548f066cb5237d82735a2ce4b58caf595d for 4.1.1+ds-4,
that fixes an issue with a wrong path written in libogdi that prevents
it from
Turning that as a security issue, as this could cause a denial of
service in a situation where a long living process would get exposed to
broken images
** Information type changed from Public to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which
Public bug reported:
Package:
ii libpng16-16:amd64 1.6.37-2
amd64PNG library - runtime (version 1.6)
$ lsb_release -a
LSB Version:core-11.1.0ubuntu2-noarch:security-11.1.0ubuntu2-noarch
Distributor ID: Ubuntu
** Attachment added: "Reproducer for memory leak"
https://bugs.launchpad.net/ubuntu/+source/libpng1.6/+bug/1960326/+attachment/5559713/+files/clusterfuzz-testcase-minimized-gdal_filesystem_fuzzer-5278568668594176
--
You received this bug notification because you are a member of Ubuntu
Bugs,
@mdelsaur Thanks for the prompt fixes. I confirm they fix the issues I
had observed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1905741
Title:
poppler 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15
** Information type changed from Public Security to Public
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1905741
Title:
poppler 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 security updates
break
** Information type changed from Public to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1905741
Title:
poppler 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 security updates
break
Public bug reported:
The security updates 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 break the
Splash output rendering, for example if using the xpdf utility that
relies on Poppler splash output, or as used by the GDAL library (the
issue was detected due to breakage in GDAL continuous integration
Will there be a security package with the patch ?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700937
Title:
Heap-buffer overflow in nodeAcquire
To manage notifications about this bug go to:
@seth There's an error regarding the SQLite version number in the CVE
text. It should read "in SQLite before 3.17.0" (and not 3.11.0)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700937
Title:
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700937
Title:
Heap-buffer overflow in nodeAcquire
To manage notifications about
** Attachment added: "Updated debian/series file with
CVE-2016-9297_and_CVE-2016-9448_correct.patch"
https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/1670036/+attachment/4850345/+files/series
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
** Patch added: "Patch that should replace CVE-2016-9297.patch and
CVE-2016-9448.patch"
https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/1670036/+attachment/4850336/+files/CVE-2016-9297_and_CVE-2016-9448_correct.patch
--
You received this bug notification because you are a member of
I'm attaching a new patch CVE-2016-9297_and_CVE-2016-9448_correct.patch
that should be used in replacement of (so, *not* on top of)
CVE-2016-9297.patch and CVE-2016-9448.patch
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-9297
** CVE added: http://www.cve.mitre.org/cgi-
There's no change regarding KML. Both drivers KML and LIBKML exist.
There LIBKML is normally the first one to be tried when iterating over
drivers, hence the LIBKML name being reported
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Public bug reported:
Ubuntu 10.04.4 LTS x86_64
ii libsqlite3-0 3.6.22-1
SQLite 3 shared library
ii sqlite3 3.6.22-1
A command line
Bug has been fixed in upstream libtiff CVS. See
http://bugzilla.maptools.org/show_bug.cgi?id=2297#c10
Please provide updated packages with that regression fix. Thanks
** Bug watch added: bugzilla.maptools.org/ #2297
http://bugzilla.maptools.org/show_bug.cgi?id=2297
--
You received this bug
Public bug reported:
The * SECURITY UPDATE: denial of service and possible code execution via
buffer overflow in Fax4Decode
- debian/patches/CVE-2011-0192.patch: check length in
libtiff/tif_fax3.h.
- CVE-2011-0192 causes a regression when reading CCITFAX4 compressed
TIFF file
This is/was not a Ubuntu packaging bug but a core GDAL one. It works for
sure with latest GDAL SVN trunk, maybe with 1.7.1, but the various fixes
done recently as http://trac.osgeo.org/gdal/ticket/3386 are related so
latest trunk is probably needed.
** Bug watch added: trac.osgeo.org/gdal/ #3386
Likely a duplicate of
https://bugs.launchpad.net/ubuntu/+source/gdal/+bug/271670
--
ogrinfo assert failure: *** buffer overflow detected ***: ogrinfo terminated
https://bugs.launchpad.net/bugs/459178
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed
See also http://trac.osgeo.org/gdal/ticket/3223
** Bug watch added: trac.osgeo.org/gdal/ #3223
http://trac.osgeo.org/gdal/ticket/3223
--
Disable stack protector for gdal
https://bugs.launchpad.net/bugs/344751
You received this bug notification because you are a member of Ubuntu
Bugs, which
Additionnal ticket and fix for similar issue (buffer overflow triggered
by -D_FORTIFY_SOURCE=2) : http://trac.osgeo.org/gdal/ticket/3223
** Bug watch added: trac.osgeo.org/gdal/ #3223
http://trac.osgeo.org/gdal/ticket/3223
--
Please sync gdal 1.5.2-3 (universe) from Debian unstable (main).
I just wanted to rectify Jay's statement about BigTIFF support in
libtiff. BigTIFF support will appear in libtiff 4.0, and not in 3.9.0.
BigTIFF support requires ABI changes (the toff_t typedef is increased to
be 64bit instead of 32bit), so it couldn't make into the 3.X branch of
libtiff.
--
I'd like to insist that such problems should also be reported to gdal
trac system (http://trac.osgeo.org/gdal) and gdal-dev mailing list,
otherwise they have a high chance getting unnoticed ! This one got fixed
almost by chance...
--
Disable stack protector for gdal
I forgot to mention that I also had to add the following section into
/etc/X11/xorg.conf
Section Extensions
Option Composite 0
EndSection
--
Edgy Eft - fglrx module not started
https://launchpad.net/bugs/57716
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
I'm using Edgy, 64 bit version. I upgraded from Dapper where I could never get
fglrx work.
After the update to Edgy, it didn't work better.
First because the module fglrx wasn't loaded.
After loading it, glxinfo was using Mesa.
LIBGL_DEBUG=verbose glxinfo showed that it was looking for
Is this bug taken into account ?
I can give you more information if needed.
--
amd64 fglrx No matching visual for __GLcontextMode
https://launchpad.net/bugs/48596
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
I created a bug for a similar problem a few weaks ago : [Bug 48596]
amd64 fglrx No matching visual for __GLcontextMode
In my case, the problem occurs even with a regular X server not XGL.
--
Errors __GLcontextMode in x86_64 version of fglrx drivers
https://launchpad.net/bugs/37980
--
28 matches
Mail list logo
