Debian Package Tracker

general

source: djvulibre (main)
version: 3.5.27.1-12
maintainer: Barak A. Pearlmutter (DMD) (LowNMU)
uploaders: Leon Bottou [DMD]
arch: all any
std-ver: 4.4.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.5.25.4-4
oldstable: 3.5.27.1-7
stable: 3.5.27.1-10
testing: 3.5.27.1-12
unstable: 3.5.27.1-12

versioned links

3.5.25.4-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.5.27.1-7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.5.27.1-10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.5.27.1-12: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

djview
djview3
djvulibre-bin (8 bugs: 0, 4, 4, 0)
djvulibre-desktop
djvuserve
libdjvulibre-dev
libdjvulibre-text
libdjvulibre21 (2 bugs: 0, 2, 0, 0)

action needed

4 security issues in stretch high

There are 4 open security issues in stretch.

4 important issues:

CVE-2019-15143: In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp.
CVE-2019-15145: DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h.
CVE-2019-15144: In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h.
CVE-2019-15142: In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file.

Please fix them.

Created: 2019-08-18 Last update: 2019-08-23 08:17

4 security issues in buster high

There are 4 open security issues in buster.

4 important issues:

CVE-2019-15143: In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp.
CVE-2019-15145: DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h.
CVE-2019-15144: In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h.
CVE-2019-15142: In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file.

Please fix them.

Created: 2019-08-18 Last update: 2019-08-23 08:17

4 security issues in jessie high

There are 4 open security issues in jessie.

4 important issues:

CVE-2019-15143: In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp.
CVE-2019-15145: DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h.
CVE-2019-15144: In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h.
CVE-2019-15142: In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file.

Please fix them.

Created: 2019-08-18 Last update: 2019-08-23 08:17

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2019-04-01 Last update: 2019-08-24 11:04

Depends on packages which need a new maintainer normal

The packages that djvulibre depends on which need a new maintainer are:

apache2 (#910917)
- Recommends: apache2

Created: 2018-10-13 Last update: 2019-08-24 09:06

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2019-07-20 Last update: 2019-07-20 05:42

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

djvulibre-desktop could be marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2019-08-23 04:07

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2018-11-03 Last update: 2018-11-03 08:00

news

[rss feed]

[2019-08-15] djvulibre 3.5.27.1-12 MIGRATED to testing (Debian testing watch)
[2019-08-10] Accepted djvulibre 3.5.27.1-12 (source) into unstable (Barak A. Pearlmutter)
[2019-06-06] Accepted djvulibre 3.5.27.1-11 (source all amd64) into unstable (Barak A. Pearlmutter)
[2018-11-08] djvulibre 3.5.27.1-10 MIGRATED to testing (Debian testing watch)
[2018-11-02] Accepted djvulibre 3.5.27.1-10 (source all amd64) into unstable (Barak A. Pearlmutter)
[2018-05-06] djvulibre 3.5.27.1-9 MIGRATED to testing (Debian testing watch)
[2018-04-30] Accepted djvulibre 3.5.27.1-9 (source all amd64) into unstable (Barak A. Pearlmutter)
[2017-10-14] djvulibre 3.5.27.1-8 MIGRATED to testing (Debian testing watch)
[2017-10-09] Accepted djvulibre 3.5.27.1-8 (source all amd64) into unstable (Barak A. Pearlmutter)
[2016-11-09] djvulibre 3.5.27.1-7 MIGRATED to testing (Debian testing watch)
[2016-11-03] Accepted djvulibre 3.5.27.1-7 (source all amd64) into unstable (Barak A. Pearlmutter)
[2016-08-24] djvulibre 3.5.27.1-6 MIGRATED to testing (Debian testing watch)
[2016-08-18] Accepted djvulibre 3.5.27.1-6 (source all amd64) into unstable (Barak A. Pearlmutter)
[2015-11-30] djvulibre 3.5.27.1-5 MIGRATED to testing (Britney)
[2015-11-24] Accepted djvulibre 3.5.27.1-5 (source amd64 all) into unstable (Barak A. Pearlmutter)
[2015-11-03] djvulibre 3.5.27.1-4 MIGRATED to testing (Britney)
[2015-10-28] Accepted djvulibre 3.5.27.1-4 (source amd64 all) into unstable (Barak A. Pearlmutter)
[2015-08-22] djvulibre 3.5.27.1-3 MIGRATED to testing (Britney)
[2015-08-16] Accepted djvulibre 3.5.27.1-3 (source amd64 all) into unstable (Barak A. Pearlmutter)
[2015-07-07] djvulibre 3.5.27.1-2 MIGRATED to testing (Britney)
[2015-07-01] Accepted djvulibre 3.5.27.1-2 (source amd64 all) into unstable (Barak A. Pearlmutter)
[2015-05-11] djvulibre 3.5.27.1-1 MIGRATED to testing (Britney)
[2015-05-05] Accepted djvulibre 3.5.27.1-1 (source amd64 all) into unstable (Barak A. Pearlmutter)
[2015-02-12] Accepted djvulibre 3.5.27-0pre1 (source amd64 all) into experimental (Barak A. Pearlmutter)
[2015-01-06] Accepted djvulibre 3.5.26-1 (source amd64 all) into experimental (Barak A. Pearlmutter)
[2014-03-26] djvulibre 3.5.25.4-4 MIGRATED to testing (Debian testing watch)
[2014-03-20] Accepted djvulibre 3.5.25.4-4 (source amd64 all) (Barak A. Pearlmutter)
[2014-02-01] djvulibre 3.5.25.4-3 MIGRATED to testing (Debian testing watch)
[2014-01-21] Accepted djvulibre 3.5.23-3+squeeze1 (source i386) (Raphael Geissert)
[2014-01-21] Accepted djvulibre 3.5.25.4-3 (source amd64 all) (Barak A. Pearlmutter)

bugs [bug history graph]

all: 13
RC: 0
I&N: 7
M&W: 6
F&P: 0
patch: 2

links

homepage
lintian (0, 1)
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.5.27.1-12
4 bugs