Format: 1.8
Date: Mon, 15 May 2017 19:39:04 +0200
Source: jbig2dec
Binary: libjbig2dec0-dev libjbig2dec0 jbig2dec
Architecture: source amd64
Version: 0.13-4~deb7u2
Distribution: wheezy-security
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 jbig2dec - JBIG2 decoder library - tools
 libjbig2dec0 - JBIG2 decoder library - shared libraries
 libjbig2dec0-dev - JBIG2 decoder library - development files
Changes:
 jbig2dec (0.13-4~deb7u2) wheezy-security; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS Team.
   * CVE-2017-7885
     Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to
     denial of service (application crash) or disclosure of sensitive
     information from process memory, because of an integer overflow
     in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c
     in libjbig2dec.a during operation on a crafted .jb2 file.
   * CVE-2017-7975
     Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds
     writes because of an integer overflow in the jbig2_build_huffman_table
     function in jbig2_huffman.c during operations on a crafted JBIG2 file,
     leading to a denial of service (application crash) or possibly
     execution of arbitrary code.
   * CVE-2017-7976
     Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because
     of an integer overflow in the jbig2_image_compose function in
     jbig2_image.c during operations on a crafted .jb2 file, leading to
     a denial of service (application crash) or disclosure of sensitive
     information from process memory.