-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 18 Apr 2021 10:03:02 +0200 Source: leptonlib Architecture: source Version: 1.79.0-1.1 Distribution: unstable Urgency: medium Maintainer: Jeff Breidenbach <jab@debian.org> Changed-By: Thorsten Alteholz <debian@alteholz.de> Closes: 985089 Changes: leptonlib (1.79.0-1.1) unstable; urgency=medium . * Non-maintainer upload by the LTS Team. (Closes: #985089) * CVE-2020-36277 denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c * CVE-2020-36278 heap-based buffer over-read in findNextBorderPixel in ccbord.c * CVE-2020-36279 heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c * CVE-2020-36280 heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c * CVE-2020-36281 heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c Checksums-Sha1: 0ed580ac3c65b6f1e04c8f479c6933c374803fda 2123 leptonlib_1.79.0-1.1.dsc 0af3994a8d71a4d2282ef2d4fe4b94a6563cf6b3 8960 leptonlib_1.79.0-1.1.debian.tar.xz e61ccc956749f5cff164cffdd96dd8d25fe6dfde 8858 leptonlib_1.79.0-1.1_amd64.buildinfo Checksums-Sha256: 76b94cbd61b25f2b091eb776c290ec157b706ed284a81c431111ab936c587123 2123 leptonlib_1.79.0-1.1.dsc 1cfe676e5b4480431395b69c7ca4bb3d696cf25484ef5538068cfd9f850ef042 8960 leptonlib_1.79.0-1.1.debian.tar.xz 2cc64e6a5ce623696c4943d04de47fbbaaafa3d0ec66dad3cfe2514c69c1fb7c 8858 leptonlib_1.79.0-1.1_amd64.buildinfo Files: 3354cb7b2dc97a1db456403608b4bcdb 2123 graphics optional leptonlib_1.79.0-1.1.dsc f9d433b74f0985934ed52bc52b0d1f5a 8960 graphics optional leptonlib_1.79.0-1.1.debian.tar.xz 4bb8066a0d415b76e3c154f9c75057bd 8858 graphics optional leptonlib_1.79.0-1.1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmB8aahfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYR1TcEADBCucmYHviTrpQmZBNLxzM4bdM0YwB TCGIs8VOH+/JN6qpRDTy6/8nuVSnd16SgeE+8StZiPqnBACEVWCJl5TH/hYAR7kZ Bge7gejVUU8TPirSTVWlzVqSduB5gKOBYWAR0flxMgtGjfvm9keCdYWyDAI+fFN2 jUKz2TSFKOF6HurH0MmaTrgtMRfP3vrBLlN4nbL4ryQ8atvi3a4fsh9USOrQtAXD 0kv4Vw+nr1LGUZkM/YyQFTBlwVLYZheQ42RWXzBWmArjNQjT5l0BpZHEDVULvGvz Lp/4ehrBKp9NQQPueHA2Nm7Z8CBij+ABNrgCfhcOK5t3pcq9keujRkcR7uQ2Q6vl SIJyXRg2q/LNF4v3HnXr30NgABX2pXrHt+NYAS8JEIMNvDQzBt3zIfdCQHRBdFYm oPxlWyLaMTdRuhKl7jDVw4xqbjZzB9wY1lYwdQNZxeDLA3zC2kv4OQtihMsFJcKq zsPGTmPgK1Wdneo+pgvHQd4F8N65VZiYX0PyU9nfW9ipHVFQof79hihfslgerwGA 9DM06hAdVC3ScDHM6w7NMTrqETWLebw2KwaM7s6SRIkf3++fA2LlxlpHe0JJMWJU QPGS942/liN1sGlvanjFlGtGBhfy68CC9HScM40OGY+fSX9/FUAqu21ei+Z5hlxa nTd0aqOxqZfDfA== =wNmg -----END PGP SIGNATURE-----