Releases: saitoha/libsixel
v1.8.6 build fixes
v1.8.5 security update
-
Security fix for CVE-2019-20205 (#127), integer overflow problem,
reported by @sleicasper. -
Security fix for CVE-2019-20056 (#126), assertion failure problem,
reported by @sleicasper. -
Security fix for CVE-2019-20094 (#125), heap overflow problem,
reported by @cuanduo. -
Security fix for #124, illegal longjump() call problem,
reported by @cuanduo. -
Serucity fix for #74 and #123, access violation problem,
reported by @hongxuchen and SuhwanSong. -
Security fix for #122, heap overflow problem,
reported by @SuhwanSong. -
Security fix for CVE-2019-20023(#117, #119, #120), memory leaks problem,
reported by @SuhwanSong and @gutiniao. -
Strip first flag check in LZW compression function for issue #118,
reported by @yoichi
For more details, see below summary of vulnerabilities.
| No. | assigned CVE | PR | patch | status | fixed on | comment |
|---|---|---|---|---|---|---|
| #67 | CVE-2018-14072 CVE-2018-14073 | - | f94bc6f 84ed0bc | resolved | v1.8.2 | |
| #68 | - | - | 6a19d99 94a647c | resolved | v1.8.2 | |
| #69 | - | - | 0d70e04 | resolved | v1.8.2 | |
| #70 | - | - | 438188c | resolved | v1.8.2 | |
| #71 | - | - | 01c0bad ba21bb9 | resolved | v1.8.2 | |
| #72 | - | - | 570d6ae | released | v1.8.3 | |
| #73 | - | - | cb373ab 26ac06f | resolved | v1.8.4 | |
| #74 | - | - | 0b1e0b3 | resolved | v1.8.5 | |
| #75 | - | - | 7808a06 | resolved | v1.8.3 | |
| #76 | - | - | e3a4c0e 3c071b9 d7b2600 197d025 | partially resolved | partially fixed on v1.8.3 | |
| #77 | CVE-2018-19759 | #98 | 5f64fb1 | resolved | v1.8.3 | |
| #78 | CVE-2018-19761 | (#106) | (1377517) | resolved | v1.8.3 | *same as #105 |
| #79 | CVE-2018-19757 | #91 #94 | e903c93 a53c872 | resolved | v1.8.3 | |
| #80 | CVE-2018-19756 | #93 | d6e34fc | resolved | v1.8.3 | |
| #81 | CVE-2018-19762 | #92 | 9861272 | resolved | v1.8.3 | |
| #82 | CVE-2018-19763 | #95 | 614e761 | resolved | v1.8.3 | |
| #83 | CVE-2019-3573 CVE-2019-3574 | #99 | 9c013f2 68ecbc1 | resolved | v1.8.3 | |
| #85 | CVE-2019-11024 | - | b418f35 | resolved | v1.8.4 | |
| #88 | - | - | 7808a06 | resolved | v1.8.3 | |
| #89 | - | - | a516125 | resolved | v1.8.4 | |
| #90 | - | - | (1377517) | resolved | v1.8.3 | *same as #105 |
| #97 | - | - | (1377517) | resolved | v1.8.3 | *same as #105 |
| #102 | CVE-2019-19638 | #106 | e17c076 | resolved | v1.8.3 | |
| #103 | CVE-2019-19635 | #106 | 1377517 | resolved | v1.8.3 | |
| #104 | CVE-2019-19636 | #106 | bf46a7b | resolved | v1.8.3 | |
| #105 | CVE-2019-19637 | #106 | 1377517 | resolved | v1.8.3 | |
| #107 | - | - | 1d35033 | resolved | v1.8.4 | |
| #108 | (CVE-2019-19638) | (#106) | (e17c076) | resolved | v1.8.3 | *same as #102 |
| #109 | CVE-2019-19777 | (#93) | (d6e34fc) | resolved | v1.8.3 | *same as #80 |
| #110 | CVE-2019-19778 | (#95) | (614e761) | resolved | v1.8.3 | *same as #82 |
| #111 | - | (#106) | (1377517) | resolved | v1.8.3 | *same as #105 |
| #113 | - | (#93) | (aac1df6) | resolved | v1.8.3 | *same as #80 |
| #114 | - | - | (9d0a7ff) | resolved | v1.8.4 | *same as #116 |
| #116 | - | - | 9d0a7ff | resolved | v1.8.4 | |
| #117 | CVE-2019-20023 | - | b9a4175 | resolved | v1.8.5 | |
| #118 | - | - | 6367d2f | resolved | v1.8.4 | |
| #119 | (CVE-2019-20023) | - | b9a4175 | resolved | 1.8.5 | *same as #117 |
| #120 | (CVE-2019-20023) | - | b9a4175 | resolved | 1.8.5 | *same as #117 |
| #121 | - | (6367d2f) | resolved | v1.8.4 | *same as #118 | |
| #122 | - | 598c8c8 | resolved | v1.8.5 | ||
| #123 | - | (0b1e0b3) | resolved | v1.8.5 | *same as #74 | |
| #124 | - | c1ef812 | resolved | v1.8.5 | ||
| #125 | CVE-2019-20094 | a18b378 | resolved | v1.8.5 | ||
| #126 | CVE-2019-20096 | 814f831 | resolved | v1.8.5 | ||
| #127 | CVE-2019-20095 | 5543354 | resolved | v1.8.5 |
v1.8.4 security update
-
Security fix for CVE-2019-11024 (#85), recursive loop problem,
reported by @Loginsoft-Research. -
Security fix for #73, illegal memory access problem,
reported by @hongxuchen. -
Security fix for #89, core dumped issue,
reported by @niugx. -
Security fix for #107, large memory allocation problem,
reported by @cuanduo. -
Security fix for #114, heap-buffer-overflow problem,
reported by @SuhwanSong. -
Security fix for #116, heap-buffer-overflow problem,
reported by @SuhwanSong. -
Security fix for #118, heap-buffer-overflow problem,
reported by @SuhwanSong. -
Security fix for #121, heap-buffer-overflow problem,
reported by @gutiniao
For more details, see below summary of vulnerabilities.
| No. | assigned CVE | PR | patch | status | fixed on | comment |
|---|---|---|---|---|---|---|
| #67 | CVE-2018-14072 CVE-2018-14073 | - | f94bc6f 84ed0bc | resolved | v1.8.2 | |
| #68 | - | - | 6a19d99 94a647c | resolved | v1.8.2 | |
| #69 | - | - | 0d70e04 | resolved | v1.8.2 | |
| #70 | - | - | 438188c | resolved | v1.8.2 | |
| #71 | - | - | 01c0bad ba21bb9 | resolved | v1.8.2 | |
| #72 | - | - | 570d6ae | released | v1.8.3 | |
| #73 | - | - | cb373ab 26ac06f | resolved | v1.8.4 | |
| #74 | - | - | - | not resolved | - | |
| #75 | - | - | 7808a06 | resolved | v1.8.3 | |
| #76 | - | - | e3a4c0e 3c071b9 d7b2600 197d025 | partially resolved | partially fixed on v1.8.3 | |
| #77 | CVE-2018-19759 | #98 | 5f64fb1 | resolved | v1.8.3 | |
| #78 | CVE-2018-19761 | (#106) | (1377517) | resolved | v1.8.3 | *same as #105 |
| #79 | CVE-2018-19757 | #91 #94 | e903c93 a53c872 | resolved | v1.8.3 | |
| #80 | CVE-2018-19756 | #93 | d6e34fc | resolved | v1.8.3 | |
| #81 | CVE-2018-19762 | #92 | 9861272 | resolved | v1.8.3 | |
| #82 | CVE-2018-19763 | #95 | 614e761 | resolved | v1.8.3 | |
| #83 | CVE-2019-3573 CVE-2019-3574 | #99 | 9c013f2 68ecbc1 | resolved | v1.8.3 | |
| #85 | CVE-2019-11024 | - | b418f35 | resolved | v1.8.4 | |
| #88 | - | - | 7808a06 | resolved | v1.8.3 | |
| #89 | - | - | a516125 | resolved | v1.8.4 | |
| #90 | - | - | (1377517) | resolved | v1.8.3 | *same as #105 |
| #97 | - | - | (1377517) | resolved | v1.8.3 | *same as #105 |
| #102 | CVE-2019-19638 | #106 | e17c076 | resolved | v1.8.3 | |
| #103 | CVE-2019-19635 | #106 | 1377517 | resolved | v1.8.3 | |
| #104 | CVE-2019-19636 | #106 | bf46a7b | resolved | v1.8.3 | |
| #105 | CVE-2019-19637 | #106 | 1377517 | resolved | v1.8.3 | |
| #107 | - | - | 1d35033 | resolved | v1.8.4 | |
| #108 | (CVE-2019-19638) | (#106) | (e17c076) | resolved | v1.8.3 | *same as #102 |
| #109 | CVE-2019-19777 | (#93) | (d6e34fc) | resolved | v1.8.3 | *same as #80 |
| #110 | CVE-2019-19778 | (#95) | (614e761) | resolved | v1.8.3 | *same as #82 |
| #111 | - | (#106) | (1377517) | resolved | v1.8.3 | *same as #105 |
| #113 | - | (#93) | (aac1df6) | resolved | v1.8.3 | *same as #80 |
| #114 | - | - | (9d0a7ff) | resolved | v1.8.4 | *same as #116 |
| #116 | - | - | 9d0a7ff | resolved | v1.8.4 | |
| #117 | - | - | b9a4175 | patched | - | |
| #118 | - | - | 6367d2f | resolved | v1.8.4 | |
| #119 | - | - | b9a4175 | patched | - | *same as #117 |
| #120 | - | - | b9a4175 | patched | - | *same as #117 |
| #121 | - | (6367d2f) | resolved | v1.8.4 | *same as |
Security fix release
-
Security fix for CVE-2018-19757 (#79), NULL pointer dereference problem,
reported by @nluedtke and fixed by @knok (#91, #94). -
Security fix for CVE-2018-19762 (#81), heap-based buffer overflow problem,
reported by @nluedtke and fixed by @knok (#92). -
Security fix for CVE-2018-19756 (#80), heap-based buffer over-read problem,
reported by @nluedtke and fixed by @knok (#93). -
Security fix for CVE-2018-19763 (#82, reported by @nluedtke) and CVE-2019-19778 (#110, reported by @SuhwanSong),
heap-based buffer over-read problem, fixed by @knok (#95). -
Security fix for CVE-2018-19761, illegal address access, fixed by @knok (#96).
-
Security fix for CVE-2018-19759, heap-based buffer over-read problem, fixed by @knok (#98).
-
Security fix for CVE-2019-3753 (#83), infinite loop problem,
reported by @cool-tomato and fixed by @knok (#99). -
Security fix for CVE-2018-19759 (#102),
heap-based buffer over-read that will cause a denial of service.
reported and fixed by @YourButterfly. (#106) -
Security fix for CVE-2019-19635 (#103), heap-based buffer overflow,
reported and fixed by @YourButterfly. (#106) -
Security fix for CVE-2019-19636 (#104) and CVE-2019-19637 (#105), integer overflow problem.
reported and fixed by @YourButterfly. (#106) -
gif loader: check LZW code size (Issue #75), Thanks to @hongxuchen.
7808a06 -
core: Fix a global-buffer-overflow problem (Issue #72), Thanks to @fgeek.
c868b59 -
core: Fix unexpected hangs/performance issues (Issue #76), Thanks to @hongxuchen.
88561b7
2d3d9ff
c9363cd
v1.8.2
This release provides some security updates.
libsixel-1.8.1 Bug-fix release
v1.8.1 includes an important bug fix.
600f122
libsixel-1.8 released
------------------------------
What's new in libsixel-1.8 ?
------------------------------
-
core: Upgrade stb_image to 2.19.
-
core: Introduce new dithering method, a_dither / x_dither (http://pippin.gimp.org/a_dither/).
Thanks to @hodefoting.
#53 -
core: Fix wrong HLS color handling.
0fb35d2 -
core: Improve quality of 15bpp(hi-color mode) dither.
42f3428 -
img2sixel: Allow a deferred clear code in a GIF format
GIF decoder must do nothing when the table is full.
See Section "DEFERRED CLEAR CODE IN LZW COMPRESSION" in
https://www.w3.org/Graphics/GIF/spec-gif89a.txt.
Thanks to @mame.
#63 -
img2sixel: Marks -D option (read source images from stdin continuously) as deprecated
9c8ffa6 -
Some bug fixes and minor improvements.
Thanks to @set135, @ttdoda. -
Announcement for package maintainers:
Immutable tarball is provided, because GitHub auto-generated tarball may be not immutable.https://github.com/saitoha/libsixel/releases/download/v1.8.0/libsixel-1.8.0.tar.gz
For details, see #64 .
v1.7.3
We additionally provide immutable tarball:
https://github.com/saitoha/libsixel/releases/download/v1.7.3/libsixel-1.7.3.tar.gz
According to Issue #64, GitHub auto-generated tarball(https://github.com/saitoha/libsixel/archive/v1.7.3.tar.gz) may be not immutable.