-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 29 Mar 2021 19:03:02 +0200 Source: leptonlib Binary: libleptonica-dev liblept5 leptonica-progs Architecture: source amd64 Version: 1.74.1-1+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Jeff Breidenbach <jab@debian.org> Changed-By: Thorsten Alteholz <debian@alteholz.de> Description: leptonica-progs - sample programs for Leptonica image processing library liblept5 - image processing library libleptonica-dev - image processing library Changes: leptonlib (1.74.1-1+deb9u1) stretch-security; urgency=high . * Non-maintainer upload by the LTS Team. * activate testsuite (-> make check after make) * CVE-2020-36277 denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c * CVE-2020-36278 heap-based buffer over-read in findNextBorderPixel in ccbord.c * CVE-2020-36279 heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c * CVE-2020-36281 heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c Checksums-Sha1: d203231912ec9e901f3567d183858cd94769e145 2109 leptonlib_1.74.1-1+deb9u1.dsc fadf8e6faae14ea87e86e0df2826f60b07117c7d 10899752 leptonlib_1.74.1.orig.tar.gz f1e9dfe30f09468beae29d809ef2894da105c03f 8484 leptonlib_1.74.1-1+deb9u1.debian.tar.xz 4dd77f6a0801a5e3332fb5eb70f7ee0be8d71a12 34566 leptonica-progs-dbgsym_1.74.1-1+deb9u1_amd64.deb 9bd4849281b2ccdbb26a6966e7806175bd8f2270 17580 leptonica-progs_1.74.1-1+deb9u1_amd64.deb d70f3cb89f9fd52db008d29f96509e6ba2098c7e 7832 leptonlib_1.74.1-1+deb9u1_amd64.buildinfo 7101abea7bc09fd480d666679e6ce362d4ae22ed 2220560 liblept5-dbgsym_1.74.1-1+deb9u1_amd64.deb 54e2f93ff7a27fc9f6cdb16f4f4039f645fadba8 923542 liblept5_1.74.1-1+deb9u1_amd64.deb 0675d84a130ae6e74e46da27b3309c344fe8e7d1 1302964 libleptonica-dev_1.74.1-1+deb9u1_amd64.deb Checksums-Sha256: c63ef213483f0e0832e40916717d2ea5e21be261c27bdacea7820c9368580801 2109 leptonlib_1.74.1-1+deb9u1.dsc 6d40c7318b2b60fec5173475e8a34c1e08799d668a533d1756c9dfeb874a9d8a 10899752 leptonlib_1.74.1.orig.tar.gz 6c489632f9fda615260a8099d2ce51427492753e02db3d568973248c31543775 8484 leptonlib_1.74.1-1+deb9u1.debian.tar.xz 9a3ac24f193e35fdfbcaaf281352bfcc3942d595dfe508a031e4cdab8e97089f 34566 leptonica-progs-dbgsym_1.74.1-1+deb9u1_amd64.deb bf70f12f5893796712198fe704b31f1687f43fe5e05731e0a3086edf5aa0e7cc 17580 leptonica-progs_1.74.1-1+deb9u1_amd64.deb 43850437b01b7ecab67ec1ab8002a33046e980177e496a0b5074e79ce170e234 7832 leptonlib_1.74.1-1+deb9u1_amd64.buildinfo ca788cc2dcaba2066782b37fc51358d8bcc4ac658722a5d160933280239126f6 2220560 liblept5-dbgsym_1.74.1-1+deb9u1_amd64.deb 3cfc478885b9251b2f0b0e4193dadc08d7eb9ba3a0d0d7d9fb47dd8966ca0b25 923542 liblept5_1.74.1-1+deb9u1_amd64.deb 6b8f513c12e6fcb8207225a8de5a3c2eceac8e4d192ebb6d94dae72b321fe300 1302964 libleptonica-dev_1.74.1-1+deb9u1_amd64.deb Files: 1975be9f1a48d767125b99d1a43f0466 2109 graphics optional leptonlib_1.74.1-1+deb9u1.dsc b3de9ae35976fd4fc3f6dae5a4368bca 10899752 graphics optional leptonlib_1.74.1.orig.tar.gz 0b84392915ea4678f303596c1bee8e8f 8484 graphics optional leptonlib_1.74.1-1+deb9u1.debian.tar.xz f6449a306635bd483d8042a95ee34a26 34566 debug extra leptonica-progs-dbgsym_1.74.1-1+deb9u1_amd64.deb 207d2a148762c68af789f96211f901c2 17580 graphics optional leptonica-progs_1.74.1-1+deb9u1_amd64.deb f7b3ecad8350ac0bbad066bdde1a937b 7832 graphics optional leptonlib_1.74.1-1+deb9u1_amd64.buildinfo 7b910372f81675fce6c57651a39dbb99 2220560 debug extra liblept5-dbgsym_1.74.1-1+deb9u1_amd64.deb 172d0e58612f3991f6d01e1a2c9d0634 923542 libs optional liblept5_1.74.1-1+deb9u1_amd64.deb 14b5985da0c5ab0d9cd91d0af08bb214 1302964 libdevel optional libleptonica-dev_1.74.1-1+deb9u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmBkQY1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYR1wdD/9SH8UhdBbKSsGOv39GM1YbKElD4twb 1buadZBhI7nNknZ/oltAXfVim/rvSza3PFnFXs+YDUBkrc7NEbxL713f4I44nqzw Vf/C8wKATR9c2Otobw70ySZD29X66cY9xrjy/AfFUBq0uzAxn9Iynk5FFJvS6noB 8PTv69+Po/ZDETCSOj7o43c6H5vV0OqprEMqPSphL+dqXwKPsHRQ/Iwm1DpikDOi kbHUOVqddejTWIT1Jp9YYsSfJJ1dOyRkjNv0Y1M8+/dBdnkTNgxM7ZDooHQMZMwC JRoEk8jHahXVUfqsHTVbaxhqaqiE+e0FnrOpOyMhOYyNK5LY0EfqbMsHcNYIajJb I8B+jjwwqbfXzAGFIKah6rOEioM8JwXi/Z4Zepwf/RIpKXjHLTa32Nv+LevdxMOR Lakr/qr+noa37N4FTtFbgWHuO8JZGqS/fAxagh6CTlKoY2CEA/456gzU1fXfKwb4 LdkYVE0I5mOH7lwwy33iK7j588idxS7N22G3OHBXLloOVBxl59f/c3sKeMfCdF7r Pw0Te2pI+4MzIK/WHQDQj+NlkpclLuRcDcJj+1n/wehteb7R0Cyklhlwt4vfPJvI WUDwJxmLaGVrOaU9pS2yrWiETw68inz0XRtZEBtp6X7wZtubga656G8pkCxTGm5R PEch033g+WMTNg== =1CKN -----END PGP SIGNATURE-----