-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 25 May 2021 18:02:31 +0200 Source: djvulibre Binary: libdjvulibre-dev libdjvulibre21 libdjvulibre-text djvulibre-dbg djvulibre-desktop djview djview3 djvuserve djvulibre-bin Architecture: source Version: 3.5.27.1-7+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Barak A. Pearlmutter <bap@debian.org> Changed-By: Sylvain Beucler <beuc@debian.org> Description: djview - Transition package, djview3 to djview4 djview3 - Transition package, djview3 to djview4 djvulibre-bin - Utilities for the DjVu image format djvulibre-dbg - Debug symbols for the DjVu image format djvulibre-desktop - Desktop support for the DjVu image format djvuserve - CGI program for unbundling DjVu files on the fly libdjvulibre-dev - Development files for the DjVu image format libdjvulibre-text - Linguistic support files for libdjvulibre libdjvulibre21 - Runtime support for the DjVu image format Changes: djvulibre (3.5.27.1-7+deb9u1) stretch-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * CVE-2019-15142: heap-buffer-overflow when reading a crafted file * CVE-2019-15143: infinite loop that can be triggered by crafted file * CVE-2019-15144: stack-overflow error when processing a crafted file * CVE-2019-15145: invalid read error when reading a crafted file * CVE-2019-18804: NULL pointer dereference issue in the IW44 encoder/decoder * CVE-2021-3500: stack overflow in DJVU::DjVuDocument::get_djvu_file() * CVE-2021-32490: out of bounds write in function DJVU::filter_bv() * CVE-2021-32491: integer overflow in function render() in tools/ddjvu * CVE-2021-32492: out of bounds read in function DJVU::DataPool::has_data() * CVE-2021-32493: heap buffer overflow in function DJVU::GBitmap::decode() Checksums-Sha1: e2e3c006f6a3bbd55a522d3f872f920279d76bde 2501 djvulibre_3.5.27.1-7+deb9u1.dsc b9619541900ca31e428c4f33a5f07754a5463d54 3231662 djvulibre_3.5.27.1.orig.tar.gz f9e228221349301ee3b3398283079073358c4cc4 57992 djvulibre_3.5.27.1-7+deb9u1.debian.tar.xz 41029c33655fee51ba68effe880b7529a19777be 10452 djvulibre_3.5.27.1-7+deb9u1_amd64.buildinfo Checksums-Sha256: 73b81f6a1f4cd960783d7830bd670defdb87172321f594a53857831077792db6 2501 djvulibre_3.5.27.1-7+deb9u1.dsc 77f07de3f1039aa19eba2eb3170d9ce9a0918ba7b704a59cfaf08f42fcc52144 3231662 djvulibre_3.5.27.1.orig.tar.gz 6362b83776e1fc56e13baeb3b2a864460f02c3e670c830a6fd84844fb17b3870 57992 djvulibre_3.5.27.1-7+deb9u1.debian.tar.xz f931b5413a3646d3dd580bfd4d3d2163df7bbe6ed4da686121a45f6797faff1d 10452 djvulibre_3.5.27.1-7+deb9u1_amd64.buildinfo Files: 69abd065b0018c84ad9df2b122c4c81c 2501 libs optional djvulibre_3.5.27.1-7+deb9u1.dsc b0a64659af0424745f72daa014407616 3231662 libs optional djvulibre_3.5.27.1.orig.tar.gz ec572ecd35dcb24343df3b509baa53fe 57992 libs optional djvulibre_3.5.27.1-7+deb9u1.debian.tar.xz 4d9d5077877c2670a197fce270f4ccd4 10452 libs optional djvulibre_3.5.27.1-7+deb9u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmCuZQQACgkQDTl9HeUl XjB9eg/9EBxhJtdiqux7nOvt3T0/AaHwpOqK7mHCSLwvDTdpRJl+nDWpLRjV69zO 67jP94EcaEVEJEH3nrl587mj/6cMY/J0iFD/SLy2MYj8cwy7pjPPo5uSix2HG5gk WEwZ9RL7J4pRjSGv2/ZiNbyZWBUlp7RPIbltYobEq3AywWAfhcXiOENKPzG1s492 RSV6mpm3kSLMojLT8RSWOM/j2X2GlKFyVk4q45EQaFVDHeK1IXJiMg9gULY5vENI BX9KzlpwsCExOZjYFc6SMbLd5rf9AIK+3KLCd+IuWsEMY17w3DWKaCuobAZViTtZ Jv4oeCwabsRLanMpfQvipOVQIb/6h3nsLrbw7SRd39bpk3L0SAaxToqj8WxkuqIP Uv1DKgne/DLH9Y4IXMtDmCX2G9X+R2HJ/QFvkT2IX2EWoCAiFwOFMf9Btyhn+6PQ Dz8WK3tND+Zo5JOA0bgdtiWjSv3P3hLfiqbNMaaitN0TiTmT/kAPGxeDuyDEl+6E a5Evkx3h4dsQJ7SiEPyCQsfM7UPQRdTIswa+2RQT8LcZ3UIyZ2sqya9KylS/Ssqv NF23HhKGAf6IK8yRWFndZMOBydXcJC7fv7DZcq928eFf+PEFavYX6H28nR/f+iF4 eFILUCz1OVF4S0QmWuMG73KVqNNJx7AhFICerE16dCTQuhTv58w= =mL8b -----END PGP SIGNATURE-----
