Format: 1.8
Date: Sat, 23 Sep 2017 13:27:40 +0200
Source: jbig2dec
Binary: libjbig2dec0-dev libjbig2dec0 jbig2dec
Architecture: source
Version: 0.13-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Jonas Smedegaard <dr@jones.dk>
Description:
 jbig2dec - JBIG2 decoder library - tools
 libjbig2dec0 - JBIG2 decoder library - shared libraries
 libjbig2dec0-dev - JBIG2 decoder library - development files
Closes: 863279
Changes:
 jbig2dec (0.13-5) unstable; urgency=medium
 .
   * Add DEP-3 header to patch 1001.
   * Advertise DEP-3 format in patch headers.
   * Add patches cherry-picked upstream:
     + Fix decoder error on JBIG2 compressed image.
     + Tidy up unused code.
     + Add sanity check on image sizes.
     + refine test for "Denial of Service" images
     + Prevent SEGV due to integer overflow.
     + Prevent integer overflow vulnerability.
     + Bounds check before reading from image source data.
     + Plug leak of parameter info in command-line tool.
     + Fix memory leak in case of error.
     + Make clipping in image compositing handle underflow.
     + Fix double free in error case.
     + Do bounds checking of read data.
     + Do not grow page if page height is known.
     + Fix SEGV due to error code being ignored.
       Closes: Bug#863279; CVE-2017-9216. Thanks to Salvatore Bonaccorso.
     + Allow for symbol dictionary with 0 symbols.
   * Update watch file: Use substitution strings.
   * Stop put aside auto-generated header file during build: No longer shipped upstream.
   * Modernize cdbs:
     + Do copyright-check in maintainer script (not during build).
     + Relax to build-depend unversioned on cdbs.
     + Stop build-depend on licensecheck.
   * Declare compliance with Debian Policy 4.1.0.
   * Update copyright info:
     + Use https protocol in file format URL.
     + Fix rename License section AGPL-3 → AGPL-3+.
   * Tighten lintian overrides regarding License-Reference.