group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1679989] Re: CVE-2016-10165: heap OOB read parsing crafted ICC profile

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Steve Langasek <1679989@xxxxxxxxxxxxxxxxxx>
Date: Thu, 14 Oct 2021 01:36:41 -0000
Reply-to: Bug 1679989 <1679989@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

The Precise Pangolin has reached end of life, so this bug will not be
fixed for that release

** Changed in: lcms2 (Ubuntu Precise)
       Status: Confirmed => Won't Fix

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1679989

Title:
  CVE-2016-10165: heap OOB read parsing crafted ICC profile

Status in lcms2 package in Ubuntu:
  Confirmed
Status in lcms2 source package in Precise:
  Won't Fix
Status in lcms2 source package in Trusty:
  Confirmed
Status in lcms2 source package in Xenial:
  Confirmed
Status in lcms2 source package in Zesty:
  Confirmed
Status in lcms2 source package in Artful:
  Confirmed
Status in lcms2 package in Debian:
  Fix Released

Bug description:
  The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2)
  allows remote attackers to obtain sensitive information or cause a
  denial of service via an image with a crafted ICC profile, which
  triggers an out-of-bounds heap read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lcms2/+bug/1679989/+subscriptions