djvulibre - Debian Package Tracker

general

source: djvulibre (main)
version: 3.5.28-2
maintainer: Barak A. Pearlmutter (DMD) (LowNMU)
uploaders: Leon Bottou [DMD]
arch: all any
std-ver: 4.5.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.5.27.1-10+deb10u1
o-o-sec: 3.5.27.1-10+deb10u1
oldstable: 3.5.28-2
stable: 3.5.28-2
testing: 3.5.28-2
unstable: 3.5.28-2

versioned links

3.5.27.1-10+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.5.28-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

djview (1 bugs: 0, 0, 1, 0)
djview3
djvulibre-bin (10 bugs: 0, 6, 4, 0)
djvulibre-desktop
djvuserve
libdjvulibre-dev
libdjvulibre-text
libdjvulibre21 (2 bugs: 0, 2, 0, 0)

action needed

2 security issues in trixie high

There are 2 open security issues in trixie.

2 important issues:

CVE-2021-46310: An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.
CVE-2021-46312: An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.

Created: 2023-08-24 Last update: 2023-09-09 00:22

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2021-46310: An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.
CVE-2021-46312: An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.

Created: 2023-08-24 Last update: 2023-09-09 00:22

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2023-09-13 Last update: 2023-09-23 04:02

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 3.5.28-3, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit b5c2aad795be6b770793322b51bba90fa02658b4
Author: Barak A. Pearlmutter <barak+git@pearlmutter.net>
Date:   Tue Mar 22 22:02:42 2022 +0000

    approved way of snarfing DEB_HOST_MULTARCH

commit 1b3abdc78d799756494de8d66dfeebec91b19970
Author: Barak A. Pearlmutter <barak+git@pearlmutter.net>
Date:   Wed Jul 26 21:02:53 2023 +0100

    Update standards version to 4.6.2, no changes needed.
    
    Changes-By: lintian-brush
    Fixes: lintian: out-of-date-standards-version
    See-also: https://lintian.debian.org/tags/out-of-date-standards-version.html

commit 646e08bf470debac77cc44666c06d31492a9ef91
Merge: 58afe62 6a1e5ba
Author: Barak A. Pearlmutter <barak+git@pearlmutter.net>
Date:   Wed Jul 26 21:00:24 2023 +0100

    Merge branch 'master' into debian

commit 58afe620206653054d163e63325b9c9081eafb5f
Merge: 8a7c725 2d77098
Author: Jelmer Vernooĳ <jelmer@debian.org>
Date:   Sat Nov 19 11:52:46 2022 +0000

    Merge branch 'lintian-fixes' into 'debian'
    
    Fix some issues reported by lintian
    
    See merge request debian/djvulibre!2

commit 2d770986c5b1a97153eeda91b3f1c87c7de3fa0a
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Mon Nov 14 23:48:47 2022 +0000

    Update standards version to 4.6.1, no changes needed.
    
    Changes-By: lintian-brush
    Fixes: lintian: out-of-date-standards-version
    See-also: https://lintian.debian.org/tags/out-of-date-standards-version.html

commit eb64cda0e7d1f38e72986ba608439288c99b295b
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Mon Nov 14 23:48:34 2022 +0000

    Use secure URI in Homepage field.
    
    Changes-By: lintian-brush
    Fixes: lintian: homepage-field-uses-insecure-uri
    See-also: https://lintian.debian.org/tags/homepage-field-uses-insecure-uri.html

commit 6a1e5ba1c9ef81c205a4b270c3f121a1e106f4fc
Author: Leon Bottou <leonb@fb.com>
Date:   Thu Aug 4 19:06:51 2022 -0400

    Add navm fix to djvuchanges. Fix -bpp limit in c44.

commit 1a47fd3a6396efcbcba892bb415185ddeb6d3535
Author: Leon Bottou <leon@bottou.org>
Date:   Sun Dec 5 19:17:49 2021 -0500

    Improved merge_and_split_ccs does not join large cc pieces.
    See https://sourceforge.net/p/djvu/discussion/103286/thread/3898bf84bf/?limit=25#b26f

commit 8a7c7253ad2a1a8c64f09c81d4b72fd0d8e28024
Author: Barak A. Pearlmutter <barak+git@pearlmutter.net>
Date:   Thu Sep 2 14:17:17 2021 +0100

    bump policy

commit d0b5e196b0417cce836ce606df9dd5691f1fe2d1
Merge: 2bec685 2ad2b70
Author: Barak A. Pearlmutter <barak+git@pearlmutter.net>
Date:   Fri Jul 23 14:14:49 2021 +0100

    Merge remote-tracking branch 'upstream/master' into debian

commit 2ad2b702d864d1974f0c569a7594b27e67c64a40
Author: Leon Bottou <leon@bottou.org>
Date:   Sun Jul 11 09:38:52 2021 -0400

    fixed typo in previous commit

commit 254b3f3f3824960eb1eed5f3d5683c30365ff95c
Author: Leon Bottou <leon@bottou.org>
Date:   Sun Jul 11 08:48:31 2021 -0400

    Tentative fix for bug #302

commit 9d00916b06a54bb8ce2807f2d6faeb4f1a6aa118
Author: Leon Bottou <leon@bottou.org>
Date:   Tue Jun 15 18:38:23 2021 -0400

    tentative fix for incorrect resolution in tiff tags

commit eec7b7228d2c4d8f95d824fc3911f2a5ff57ffa9
Author: Leon Bottou <leon@bottou.org>
Date:   Wed Jun 2 09:50:37 2021 -0400

    DjVuToPS fix for images without foreground.

commit 2bec685223379e3ab590318f0d2600d822f78aca
Author: Barak A. Pearlmutter <barak+git@pearlmutter.net>
Date:   Fri May 28 11:37:56 2021 +0100

    All Hail the Multiarch Hinter Toad!

commit 0a984511acc1e7cbfa34bcee23d9fdd3de07febb
Author: Barak A. Pearlmutter <barak+git@pearlmutter.net>
Date:   Tue May 11 23:13:07 2021 +0100

    remove upstreamed or unnecessary patches

commit 5613eca9d98aa7a2eaf2143f415dd7294db6b646
Merge: 098c818 cd8b5c9
Author: Barak A. Pearlmutter <barak+git@pearlmutter.net>
Date:   Tue May 11 23:08:08 2021 +0100

    Merge remote-tracking branch 'upstream/master' into debian

commit cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6
Author: Leon Bottou <leon@bottou.org>
Date:   Tue May 11 14:44:09 2021 -0400

    Reviewed Fedora patches and adopted some of them (or variants thereof)
    
     - Patch0: djvulibre-3.5.22-cdefs.patch                  (forward ported)
    Does not make imuch sense. GSmartPointer.h already includes "stddef.h"
     - Patch6: djvulibre-3.5.27-export-file.patch              (forward ported)
    Incorrect: inkscape command is --export-png, not --export-filename.
     - Patch8: djvulibre-3.5.27-check-image-size.patch         (forward ported)
    Correct: adopted a variant of this
     - Patch9: djvulibre-3.5.27-integer-overflow.patch         (forward ported)
    Correct: adopted a variant of this
     - Patch10: djvulibre-3.5.27-check-input-pool.patch        (forward ported)
    Adopted: input validation never hurts
     - Patch11: djvulibre-3.5.27-djvuport-stack-overflow.patch (forward ported)
    Dubious: Instead I changed djvufile to prevent a file from including itself
    which is the only way I can imagine to create an file creation loop.
     - Patch12: djvulibre-3.5.27-unsigned-short-overflow.patch (forward ported)
    Adopted: but without including limits.h

Created: 2021-05-28 Last update: 2023-09-19 13:46

lintian reports 11 warnings normal

Lintian reports 11 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2021-01-27 Last update: 2023-02-18 12:36

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

djvulibre-desktop could be marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2023-09-23 04:39

2 low-priority security issues in bullseye low

There are 2 open security issues in bullseye.

2 issues left for the package maintainer to handle:

CVE-2021-46310: (needs triaging) An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.
CVE-2021-46312: (needs triaging) An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-08-24 Last update: 2023-09-09 00:22

2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

2 issues left for the package maintainer to handle:

CVE-2021-46310: (needs triaging) An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.
CVE-2021-46312: (needs triaging) An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-08-24 Last update: 2023-09-09 00:22

debian/patches: 7 patches to forward upstream low

Among the 7 debian patches available in version 3.5.28-2 of the package, we noticed the following issues:

7 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2023-02-26 15:54

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2018-11-03 Last update: 2018-11-03 08:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.2 instead of 4.5.1).

Created: 2021-08-18 Last update: 2022-12-17 19:17

news

[rss feed]

[2022-01-08] Accepted djvulibre 3.5.27.1-10+deb10u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Florian Weimer)
[2021-12-28] Accepted djvulibre 3.5.27.1-10+deb10u1 (source) into oldstable->embargoed, oldstable (Debian FTP Masters) (signed by: Florian Weimer)
[2021-07-03] Accepted djvulibre 3.5.27.1-7+deb9u2 (source) into oldstable (Utkarsh Gupta)
[2021-05-26] Accepted djvulibre 3.5.27.1-7+deb9u1 (source) into oldstable (Sylvain Beucler)
[2021-05-16] djvulibre 3.5.28-2 MIGRATED to testing (Debian testing watch)
[2021-05-10] Accepted djvulibre 3.5.28-2 (source) into unstable (Barak A. Pearlmutter)
[2020-11-28] djvulibre 3.5.28-1 MIGRATED to testing (Debian testing watch)
[2020-11-23] Accepted djvulibre 3.5.28-1 (source) into unstable (Barak A. Pearlmutter)
[2020-07-28] djvulibre 3.5.27.1-15 MIGRATED to testing (Debian testing watch)
[2020-07-22] Accepted djvulibre 3.5.27.1-15 (source) into unstable (Barak A. Pearlmutter)
[2019-11-27] djvulibre 3.5.27.1-14 MIGRATED to testing (Debian testing watch)
[2019-11-21] Accepted djvulibre 3.5.27.1-14 (source) into unstable (Barak A. Pearlmutter)
[2019-11-08] Accepted djvulibre 3.5.25.4-4+deb8u2 (source amd64 all) into oldoldstable (Chris Lamb)
[2019-09-16] djvulibre 3.5.27.1-13 MIGRATED to testing (Debian testing watch)
[2019-09-11] Accepted djvulibre 3.5.27.1-13 (source) into unstable (Barak A. Pearlmutter)
[2019-08-29] Accepted djvulibre 3.5.25.4-4+deb8u1 (source amd64 all) into oldoldstable (Thorsten Alteholz)
[2019-08-15] djvulibre 3.5.27.1-12 MIGRATED to testing (Debian testing watch)
[2019-08-10] Accepted djvulibre 3.5.27.1-12 (source) into unstable (Barak A. Pearlmutter)
[2019-06-06] Accepted djvulibre 3.5.27.1-11 (source all amd64) into unstable (Barak A. Pearlmutter)
[2018-11-08] djvulibre 3.5.27.1-10 MIGRATED to testing (Debian testing watch)
[2018-11-02] Accepted djvulibre 3.5.27.1-10 (source all amd64) into unstable (Barak A. Pearlmutter)
[2018-05-06] djvulibre 3.5.27.1-9 MIGRATED to testing (Debian testing watch)
[2018-04-30] Accepted djvulibre 3.5.27.1-9 (source all amd64) into unstable (Barak A. Pearlmutter)
[2017-10-14] djvulibre 3.5.27.1-8 MIGRATED to testing (Debian testing watch)
[2017-10-09] Accepted djvulibre 3.5.27.1-8 (source all amd64) into unstable (Barak A. Pearlmutter)
[2016-11-09] djvulibre 3.5.27.1-7 MIGRATED to testing (Debian testing watch)
[2016-11-03] Accepted djvulibre 3.5.27.1-7 (source all amd64) into unstable (Barak A. Pearlmutter)
[2016-08-24] djvulibre 3.5.27.1-6 MIGRATED to testing (Debian testing watch)
[2016-08-18] Accepted djvulibre 3.5.27.1-6 (source all amd64) into unstable (Barak A. Pearlmutter)
[2015-11-30] djvulibre 3.5.27.1-5 MIGRATED to testing (Britney)

bugs [bug history graph]

all: 16
RC: 0
I&N: 9
M&W: 7
F&P: 0
patch: 2

links

homepage
lintian (0, 11)
buildd: logs, checks, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.5.28-2build3
6 bugs