-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 05 Jun 2021 17:46:10 +0200 Source: libwebp Architecture: source Version: 0.5.2-1+deb9u1 Distribution: stretch-security Urgency: medium Maintainer: Jeff Breidenbach <jab@debian.org> Changed-By: Anton Gladky <gladk@debian.org> Changes: libwebp (0.5.2-1+deb9u1) stretch-security; urgency=medium . * Non-maintainer upload by the LTS Security Team. * Fix read-overflow while parsing VP8X chunk. CVE-2018-25009 * Fix alpha-filtering crash when image width is larger than radius. CVE-2018-25010 * muxread,anmf: fail on multiple image chunks. CVE-2018-25011 * Fix VP8IoTeardownHook being called twice on worker sync failure. CVE-2018-25012 * Fix out-of-bounds read in ShiftBytes. CVE-2018-25013, CVE-2018-25014 * Fix invalid check for buffer size CVE-2020-36328 * Fix thread race heap-use-after-free CVE-2020-36329 * Fix heap-buffer-overflow in ChunkVerifyAndAssign. CVE-2020-36330 * Validate chunk_size muxread. CVE-2020-36331 Checksums-Sha1: 584f006243af7e456237e936c9a08348ff58790a 2107 libwebp_0.5.2-1+deb9u1.dsc c3adfa47f96a3909fb05e41636fdcbe3826edfbd 1221153 libwebp_0.5.2.orig.tar.gz 5efc1236cd141a3a90a56ac53d4d21a56ed5f120 9336 libwebp_0.5.2-1+deb9u1.debian.tar.xz 925dad164a91d37fac1a701469ab6e2bec42682f 8461 libwebp_0.5.2-1+deb9u1_source.buildinfo Checksums-Sha256: 34b83208758d4412af3ff2730da90c4ddb1d16c44cf1dcfb7cbde58589bc86fe 2107 libwebp_0.5.2-1+deb9u1.dsc b75310c810b3eda222c77f6d6c26b061240e3d9060095de44b2c1bae291ecdef 1221153 libwebp_0.5.2.orig.tar.gz 7161d360ffae7b3a32fa47d8e4a957daf4781595a49f3974811cde10040b7fb9 9336 libwebp_0.5.2-1+deb9u1.debian.tar.xz 24e1216e2f246130d90b4bd5d1ed3c88762717a1703e1b1c32a56736039f7b70 8461 libwebp_0.5.2-1+deb9u1_source.buildinfo Files: 4fce4d70b8bad2a754842d004b99f537 2107 libs optional libwebp_0.5.2-1+deb9u1.dsc 6f36b38c2483b32906f946a621eb0c2e 1221153 libs optional libwebp_0.5.2.orig.tar.gz 825f103972ecfff15648160b8077ca5d 9336 libs optional libwebp_0.5.2-1+deb9u1.debian.tar.xz 9724e7f28032bfda8c1978fd9921a1b0 8461 libs optional libwebp_0.5.2-1+deb9u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmC7nGAACgkQ0+Fzg8+n /wZ+txAAhZRHCU9Bt2Pr6c3TpmRApnevCX/6ulU6kKPGhIO80gooT1jXC7i27nl6 T/waY/87BUzP+zxWcqU+ZNUNlcM53zpRIiwcQo2ZewN/28vDhLNQBRoAEASZ1xIh 47LHWB6T/0tSFWXIolmVxarz/jkWBmnbOz5YkhDn7/3PPeFxnaFgUQchdDnYxesu dmcITcpjieZoIGwz1+pyFL0l8nuQD4c5jLyeDvk33cPZ7TYIjVlsnedB3lX0WdSb iRRyS0nkGqe4Q5XTwLYp3O4ASRtkG5LCIG5V6RmG62ck+RmWCBFJo/MCpbmHUi/w ckBf4JYVMLx9WFp377wmQ8VDuGMy0B47veW6XivMohdPpbMzDgAKa5vuF010E2t7 HKKv+KQ66DLb0khw+RD6uv611VvS6CKvOf7uFWxW0uLpSHpAH2dgOPLecpQ5r0r2 Ef79ZYk3Jpp2JDecxkZG+rrbp124xZ6Y782ZNnnisZsEiWQ4/cdoxIBKpmMM0syv etEKpt64bK0elxEED2SpSP0NZ//j56zpC9YsM7GMvpnB/zFT3iN0oNzXi1IHMsbI F2WDene0o/C+z5xIeWWnChPbC6Zb9Bl3doNP6xnc9xUhS08cjufr186v+aZLeqCc NoaoBLZp7vBls4dXNpXU6M1uPvp4NhiBqdpJZc/BUH4RhdCg1ho= =l6Bc -----END PGP SIGNATURE-----