[Touch-packages] [Bug 1679989] Re: CVE-2016-10165: heap OOB read parsing crafted ICC profile
The Precise Pangolin has reached end of life, so this bug will not be fixed for that release ** Changed in: lcms2 (Ubuntu Precise) Status: Confirmed => Won't Fix -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lcms2 in Ubuntu. https://bugs.launchpad.net/bugs/1679989 Title: CVE-2016-10165: heap OOB read parsing crafted ICC profile Status in lcms2 package in Ubuntu: Confirmed Status in lcms2 source package in Precise: Won't Fix Status in lcms2 source package in Trusty: Confirmed Status in lcms2 source package in Xenial: Confirmed Status in lcms2 source package in Zesty: Confirmed Status in lcms2 source package in Artful: Confirmed Status in lcms2 package in Debian: Fix Released Bug description: The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lcms2/+bug/1679989/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1679989] Re: CVE-2016-10165: heap OOB read parsing crafted ICC profile
** No longer affects: lcms2 (Ubuntu Yakkety) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lcms2 in Ubuntu. https://bugs.launchpad.net/bugs/1679989 Title: CVE-2016-10165: heap OOB read parsing crafted ICC profile Status in lcms2 package in Ubuntu: Confirmed Status in lcms2 source package in Precise: Confirmed Status in lcms2 source package in Trusty: Confirmed Status in lcms2 source package in Xenial: Confirmed Status in lcms2 source package in Zesty: Confirmed Status in lcms2 source package in Artful: Confirmed Status in lcms2 package in Debian: Fix Released Bug description: The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lcms2/+bug/1679989/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1679989] Re: CVE-2016-10165: heap OOB read parsing crafted ICC profile
** Also affects: lcms2 (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: lcms2 (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: lcms2 (Ubuntu Zesty) Importance: Undecided Status: New ** Also affects: lcms2 (Ubuntu Yakkety) Importance: Undecided Status: New ** Also affects: lcms2 (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: lcms2 (Ubuntu Artful) Importance: Undecided Status: New ** Changed in: lcms2 (Ubuntu Precise) Status: New => Confirmed ** Changed in: lcms2 (Ubuntu Trusty) Status: New => Confirmed ** Changed in: lcms2 (Ubuntu Xenial) Status: New => Confirmed ** Changed in: lcms2 (Ubuntu Yakkety) Status: New => Confirmed ** Changed in: lcms2 (Ubuntu Zesty) Status: New => Confirmed ** Changed in: lcms2 (Ubuntu Artful) Status: New => Confirmed ** Changed in: lcms2 (Ubuntu Precise) Importance: Undecided => Low ** Changed in: lcms2 (Ubuntu Trusty) Importance: Undecided => Low ** Changed in: lcms2 (Ubuntu Xenial) Importance: Undecided => Low ** Changed in: lcms2 (Ubuntu Yakkety) Importance: Undecided => Low ** Changed in: lcms2 (Ubuntu Zesty) Importance: Undecided => Low ** Changed in: lcms2 (Ubuntu Artful) Importance: Undecided => Low -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lcms2 in Ubuntu. https://bugs.launchpad.net/bugs/1679989 Title: CVE-2016-10165: heap OOB read parsing crafted ICC profile Status in lcms2 package in Ubuntu: Confirmed Status in lcms2 source package in Precise: Confirmed Status in lcms2 source package in Trusty: Confirmed Status in lcms2 source package in Xenial: Confirmed Status in lcms2 source package in Yakkety: Confirmed Status in lcms2 source package in Zesty: Confirmed Status in lcms2 source package in Artful: Confirmed Status in lcms2 package in Debian: Fix Released Bug description: The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lcms2/+bug/1679989/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1679989] Re: CVE-2016-10165: heap OOB read parsing crafted ICC profile
** Changed in: lcms2 (Debian) Status: Unknown => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lcms2 in Ubuntu. https://bugs.launchpad.net/bugs/1679989 Title: CVE-2016-10165: heap OOB read parsing crafted ICC profile Status in lcms2 package in Ubuntu: New Status in lcms2 package in Debian: Fix Released Bug description: The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lcms2/+bug/1679989/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp