-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 19 Dec 2019 13:48:20 +0100 Source: libjpeg-turbo Architecture: source Version: 1:2.0.3-1~exp1 Distribution: experimental Urgency: medium Maintainer: Ondřej Surý <ondrej@debian.org> Changed-By: Mike Gabriel <sunweaver@debian.org> Changes: libjpeg-turbo (1:2.0.3-1~exp1) experimental; urgency=medium . * New upstream release. - CVE-2019-2201: TurboJPEG: Properly handle gigapixel images Prevent several integer overflow issues and subsequent segfaults that occurred when attempting to compress or decompress gigapixel images with the TurboJPEG API. 64-bit tjbench: Fix signed int overflow/segfault. * debian/patches: + Cherry-pick 0001_CVE-2019-2201-followup.patch from upstream. 64-bit tjbench: Fix signed int overflow/segfault. Following-up on the fix for CVE-2019-2201. * debian/control: + Bump Standards-Version: to 4.4.1. No changes needed. * debian/rules: + Re-add uscan-based get-orig-source target (to ease my day for upstream tarball retrieval). Checksums-Sha1: ae56d6b87b4a6252511dcd315daed0564aebcfd4 2339 libjpeg-turbo_2.0.3-1~exp1.dsc 539363a444f92421c098a1a3e7cebfda48d4cfb3 2161279 libjpeg-turbo_2.0.3.orig.tar.gz 9f8857507000c5bf4daa1e8f9c3e0edf1b9b3dd6 80416 libjpeg-turbo_2.0.3-1~exp1.debian.tar.xz 75f631bfc0f4f9ae00da3b7f776ca9eb56a2548d 7412 libjpeg-turbo_2.0.3-1~exp1_source.buildinfo Checksums-Sha256: d83d2fdb9da3c3c62a76b8b105e743e1e3a166a07df5db64bf12257f6c0421e2 2339 libjpeg-turbo_2.0.3-1~exp1.dsc 4246de500544d4ee408ee57048aa4aadc6f165fc17f141da87669f20ed3241b7 2161279 libjpeg-turbo_2.0.3.orig.tar.gz 33d2ea8d6775ba6dad11d044636480a5077c0bd8e7e8f0b78e4ae029c7ccbc1e 80416 libjpeg-turbo_2.0.3-1~exp1.debian.tar.xz 15146ea7607de990ab90ba212c6b6dfe3b341b5c5bcfe2ba7ca505201bc90516 7412 libjpeg-turbo_2.0.3-1~exp1_source.buildinfo Files: 67125f8bf130dfd30a40003f68835039 2339 graphics optional libjpeg-turbo_2.0.3-1~exp1.dsc bd07fddf26f9def7bab02739eb655116 2161279 graphics optional libjpeg-turbo_2.0.3.orig.tar.gz 9950f9aaa95345909614d7c28962d897 80416 graphics optional libjpeg-turbo_2.0.3-1~exp1.debian.tar.xz 71ef17a668e299be62b9fa575c7e9461 7412 graphics optional libjpeg-turbo_2.0.3-1~exp1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl37drgVHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxsCcP/0PxFyF0JtlnJ/I4NtDZxJiODjpk 7MEcLJ6027qd1fxXvcl8aBj8akZOSgB6TIM3GPREVsxHXQZlEANN4xW9gYQxFeAP zulC+s4x5BbOxibTqZEvzCRBJqhL4TmhoTA3XA0N61TNlKLUOQAd02vj8mTe54rD UU85We0VizInA7q+IBM1wZL5mN+dTqthl4uCiDy7pEQKKQmx4YcNco0yP2QZwEFG BBA5/HoAMTEw8xt1/b4iNJXvrilIk9kltzwGym/tOcPkDM80gXDwT8ZiVdoGyAzr L1p6CctAyhF6YFkzQKeQ8/fRVtFKApKiWDLF5q/DwfQvLa19UxKaSAvBaVWjlrNw kCMInX/moUe1zAmsjOJ7fTCb+PvAIQ4HtwSqx94n9pKxwWkZdZOF7zP/8Enzu5R6 UIiwJewPyAHePMuoVO/8ZLfRDlka9Y2fFucQkbb8FSv/z0H5Z/mlmMU3c9JwoYTT 3TEOsNsQIBRN8YD/JXQ7dl98YwnsIoqCh5RPLpEIj/A73ea6c87yGnyPw+TQ+zZ6 iSXnjNuZDVL7JAZ9XOYTZArn7x1+RtS+az8I3pMSnF+zyMkdkODddBAltFmqTxGN VVrtHmRYAP+RxTw8XDHi4/Y5wkR2kphScPWIa2xSuFTnmEilVNtDP85Aiy3/vNf5 Q3ok60gynNxIaKFe =oAnU -----END PGP SIGNATURE-----