FYI, Ubuntu fixed this here: http://www.ubuntu.com/usn/usn-1911-1/
Attached is the debdiff used for Ubuntu 12.04 LTS, which is based on Debian's 2.2+git20110628-2. -- Jamie Strandboge http://www.ubuntu.com/
diff -Nru lcms2-2.2+git20110628/debian/changelog lcms2-2.2+git20110628/debian/changelog --- lcms2-2.2+git20110628/debian/changelog 2011-10-18 11:22:46.000000000 -0500 +++ lcms2-2.2+git20110628/debian/changelog 2013-07-01 11:51:05.000000000 -0500 @@ -1,3 +1,15 @@ +lcms2 (2.2+git20110628-2ubuntu3.1) precise-security; urgency=low + + * SECURITY UPDATE: incorporate IcedTea fixes for lcms (LP: #1196517) + - debian/patches/ojdk-8007925+8007926.patch: Improve + cmsStageAllocLabV2ToV4curves. Improve cmsPipelineDup. + - debian/patches/ojdk-8007927.patch: Improve + cmsAllocProfileSequenceDescription. + - debian/patches/ojdk-8007929.patch: Improve CurvesAlloc. + - debian/patches/ojdk-8009654.patch: Improve stability of cmsnamed. + + -- Jamie Strandboge <ja...@ubuntu.com> Mon, 01 Jul 2013 11:50:56 -0500 + lcms2 (2.2+git20110628-2ubuntu3) precise; urgency=low * Rebuild for libjpeg8. diff -Nru lcms2-2.2+git20110628/debian/control lcms2-2.2+git20110628/debian/control --- lcms2-2.2+git20110628/debian/control 2011-08-28 06:42:58.000000000 -0500 +++ lcms2-2.2+git20110628/debian/control 2013-07-01 11:51:12.000000000 -0500 @@ -1,7 +1,8 @@ Source: lcms2 Section: libs Priority: optional -Maintainer: Oleksandr Moskalenko <ma...@debian.org> +Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com> +XSBC-Original-Maintainer: Oleksandr Moskalenko <ma...@debian.org> Build-Depends: debhelper (>= 7.0.50~), autotools-dev, libjpeg-dev, libtiff4-dev, zlib1g-dev, quilt Standards-Version: 3.9.2 Homepage: http://www.littlecms.com/ diff -Nru lcms2-2.2+git20110628/debian/patches/ojdk-8007925+8007926.patch lcms2-2.2+git20110628/debian/patches/ojdk-8007925+8007926.patch --- lcms2-2.2+git20110628/debian/patches/ojdk-8007925+8007926.patch 1969-12-31 18:00:00.000000000 -0600 +++ lcms2-2.2+git20110628/debian/patches/ojdk-8007925+8007926.patch 2013-07-01 12:08:48.000000000 -0500 @@ -0,0 +1,28 @@ +# HG changeset patch +# Date 1364497268 -14400 +# Node ID 56f01b89d8b8f7e2cbc651dccbd904b45698be24 +# Parent 09c14ca57ff092cd304a4e29f9398176255a72ab +8007925: Improve cmsStageAllocLabV2ToV4curves +8007926: Improve cmsPipelineDup + +Index: lcms2-2.2+git20110628/src/cmslut.c +=================================================================== +--- lcms2-2.2+git20110628.orig/src/cmslut.c 2011-06-27 23:20:02.000000000 -0500 ++++ lcms2-2.2+git20110628/src/cmslut.c 2013-07-01 10:51:20.000000000 -0500 +@@ -980,6 +980,7 @@ + mpe = cmsStageAllocToneCurves(ContextID, 3, LabTable); + cmsFreeToneCurveTriple(LabTable); + ++ if (mpe == NULL) return mpe; + mpe ->Implements = cmsSigLabV2toV4; + return mpe; + } +@@ -1291,6 +1292,8 @@ + if (lut == NULL) return NULL; + + NewLUT = cmsPipelineAlloc(lut ->ContextID, lut ->InputChannels, lut ->OutputChannels); ++ if (NewLUT == NULL) return NULL; ++ + for (mpe = lut ->Elements; + mpe != NULL; + mpe = mpe ->Next) { diff -Nru lcms2-2.2+git20110628/debian/patches/ojdk-8007927.patch lcms2-2.2+git20110628/debian/patches/ojdk-8007927.patch --- lcms2-2.2+git20110628/debian/patches/ojdk-8007927.patch 1969-12-31 18:00:00.000000000 -0600 +++ lcms2-2.2+git20110628/debian/patches/ojdk-8007927.patch 2013-07-01 12:08:48.000000000 -0500 @@ -0,0 +1,22 @@ +# HG changeset patch +# User bae +# Date 1363852330 -14400 +# Node ID 4047e9efcbd0966d8cc15d51f9b25ae5b141e239 +# Parent a7299af2af32c38eef541180e26f4aac7d79bff8 +8007927: Improve cmsAllocProfileSequenceDescription + +Index: lcms2-2.2+git20110628/src/cmsnamed.c +=================================================================== +--- lcms2-2.2+git20110628.orig/src/cmsnamed.c 2013-07-01 11:02:26.000000000 -0500 ++++ lcms2-2.2+git20110628/src/cmsnamed.c 2013-07-01 11:03:56.000000000 -0500 +@@ -698,6 +702,10 @@ + Seq -> seq = (cmsPSEQDESC*) _cmsCalloc(ContextID, n, sizeof(cmsPSEQDESC)); + Seq -> n = n; + ++ if (Seq -> seq == NULL) { ++ _cmsFree(ContextID, Seq); ++ return NULL; ++ } + + for (i=0; i < n; i++) { + Seq -> seq[i].Manufacturer = NULL; diff -Nru lcms2-2.2+git20110628/debian/patches/ojdk-8007929.patch lcms2-2.2+git20110628/debian/patches/ojdk-8007929.patch --- lcms2-2.2+git20110628/debian/patches/ojdk-8007929.patch 1969-12-31 18:00:00.000000000 -0600 +++ lcms2-2.2+git20110628/debian/patches/ojdk-8007929.patch 2013-07-01 12:08:48.000000000 -0500 @@ -0,0 +1,27 @@ +# HG changeset patch +# User bae +# Date 1363852924 -14400 +# Node ID 2c71b4f2104b4951376604d50d5ecd176cd5acc7 +# Parent 4047e9efcbd0966d8cc15d51f9b25ae5b141e239 +8007929: Improve CurvesAlloc + +Index: lcms2-2.2+git20110628/src/cmsopt.c +=================================================================== +--- lcms2-2.2+git20110628.orig/src/cmsopt.c 2013-07-01 10:54:09.000000000 -0500 ++++ lcms2-2.2+git20110628/src/cmsopt.c 2013-07-01 10:54:09.000000000 -0500 +@@ -1135,6 +1135,15 @@ + for (i=0; i < nCurves; i++) { + + c16->Curves[i] = _cmsCalloc(ContextID, nElements, sizeof(cmsUInt16Number)); ++ if (c16->Curves[i] == NULL) { ++ for (j=0; j < i; j++) { ++ _cmsFree(ContextID, c16->Curves[j]); ++ } ++ _cmsFree(ContextID, c16->Curves); ++ _cmsFree(ContextID, c16); ++ ++ return NULL; ++ } + + if (nElements == 256) { + diff -Nru lcms2-2.2+git20110628/debian/patches/ojdk-8009654.patch lcms2-2.2+git20110628/debian/patches/ojdk-8009654.patch --- lcms2-2.2+git20110628/debian/patches/ojdk-8009654.patch 1969-12-31 18:00:00.000000000 -0600 +++ lcms2-2.2+git20110628/debian/patches/ojdk-8009654.patch 2013-07-01 12:08:48.000000000 -0500 @@ -0,0 +1,40 @@ +# HG changeset patch +# User bae +# Date 1364538631 -14400 +# Node ID 8718da8c36f3c265f4ee3a3410ed7e9b116283a7 +# Parent cc656d61e7135d43cd8908a8ef8ceae66ca0d462 +8009654: Improve stability of cmsnamed + +Index: lcms2-2.2+git20110628/src/cmsnamed.c +=================================================================== +--- lcms2-2.2+git20110628.orig/src/cmsnamed.c 2013-07-01 11:43:05.000000000 -0500 ++++ lcms2-2.2+git20110628/src/cmsnamed.c 2013-07-01 11:44:10.000000000 -0500 +@@ -488,8 +488,10 @@ + while (v -> Allocated < n) + GrowNamedColorList(v); + +- strncpy(v ->Prefix, Prefix, sizeof(v ->Prefix)); +- strncpy(v ->Suffix, Suffix, sizeof(v ->Suffix)); ++ strncpy(v ->Prefix, Prefix, sizeof(v ->Prefix) - 1); ++ strncpy(v ->Suffix, Suffix, sizeof(v ->Suffix) - 1); ++ v->Prefix[sizeof(v ->Prefix) - 1] = v->Suffix[sizeof(v ->Suffix) - 1] = 0; ++ + v -> ColorantCount = ColorantCount; + + return v; +@@ -543,10 +545,12 @@ + for (i=0; i < 3; i++) + NamedColorList ->List[NamedColorList ->nColors].PCS[i] = PCS == NULL ? 0 : PCS[i]; + +- if (Name != NULL) ++ if (Name != NULL) { + strncpy(NamedColorList ->List[NamedColorList ->nColors].Name, Name, +- sizeof(NamedColorList ->List[NamedColorList ->nColors].Name)); +- else ++ sizeof(NamedColorList ->List[NamedColorList ->nColors].Name) - 1); ++ NamedColorList ->List[NamedColorList ->nColors]. ++ Name[sizeof(NamedColorList ->List[NamedColorList ->nColors].Name) - 1] = 0; ++ } else + NamedColorList ->List[NamedColorList ->nColors].Name[0] = 0; + + diff -Nru lcms2-2.2+git20110628/debian/patches/series lcms2-2.2+git20110628/debian/patches/series --- lcms2-2.2+git20110628/debian/patches/series 2011-08-28 06:59:33.000000000 -0500 +++ lcms2-2.2+git20110628/debian/patches/series 2013-07-01 12:09:15.000000000 -0500 @@ -3,3 +3,7 @@ debian-changes-2.2+git20110628-1 debian-changes-2.2+git20110628-2 debian-changes-2.2+git20110628-2ubuntu2 +ojdk-8007925+8007926.patch +ojdk-8007927.patch +ojdk-8007929.patch +ojdk-8009654.patch
signature.asc
Description: OpenPGP digital signature
