Format: 1.8
Date: Thu, 30 Nov 2023 11:19:08 +0000
Source: zbar
Architecture: source
Version: 0.23.92-9
Distribution: unstable
Urgency: high
Maintainer: Boyuan Yang <byang@debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1051724
Changes:
 zbar (0.23.92-9) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Fix two security bugs (Closes: #1051724):
     - Fix CVE-2023-40889: A heap-based buffer overflow existed in the
       qr_reader_match_centers function. Specially crafted QR codes may
       lead to information disclosure and/or arbitrary code execution.
       To trigger this vulnerability, an attacker can digitally input
       the malicious QR code, or prepare it to be physically scanned
       by the vulnerable scanner.
     - Fix CVE-2023-40890: A stack overflow was present in lookup_sequence
       function of ZBar 0.23.90. Specially crafted QR codes may lead to
       information disclosure and/or arbitrary code execution.
       To trigger this vulnerability, an attacker can digitally input
       the malicious QR code, or prepare it to be physically scanned
       by the vulnerable scanner.