Debian Package Tracker

general

source: djvulibre (main)
version: 3.5.27.1-15
maintainer: Barak A. Pearlmutter (DMD) (LowNMU)
uploaders: Leon Bottou [DMD]
arch: all any
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.5.25.4-4
o-o-sec: 3.5.25.4-4+deb8u2
oldstable: 3.5.27.1-7
stable: 3.5.27.1-10
testing: 3.5.27.1-15
unstable: 3.5.27.1-15

versioned links

3.5.25.4-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.5.25.4-4+deb8u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.5.27.1-7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.5.27.1-10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.5.27.1-15: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

djview
djview3
djvulibre-bin (8 bugs: 0, 4, 4, 0)
djvulibre-desktop
djvuserve
libdjvulibre-dev
libdjvulibre-text
libdjvulibre21 (2 bugs: 0, 2, 0, 0)

action needed

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2020-10-19 Last update: 2020-10-31 10:00

1 new commit since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit c0adab2f2b0c9f077771d95425b40efdc900fc0b
Author: Barak A. Pearlmutter <barak+git@pearlmutter.net>
Date:   Wed Jul 22 15:19:51 2020 +0100

    Rules-Requires-Root: no

Created: 2020-03-23 Last update: 2020-10-31 04:08

lintian reports 3 warnings normal

Lintian reports 3 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-07-29 Last update: 2020-09-21 06:01

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

djvulibre-desktop could be marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2020-10-31 06:00

5 ignored security issues in stretch low

There are 5 open security issues in stretch.

5 issues skipped by the security teams:

CVE-2019-15142: In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file.
CVE-2019-15143: In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp.
CVE-2019-15144: In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h.
CVE-2019-15145: DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h.
CVE-2019-18804: DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.

Please fix them.

Created: 2019-08-18 Last update: 2020-08-07 06:08

5 ignored security issues in buster low

There are 5 open security issues in buster.

5 issues skipped by the security teams:

CVE-2019-15142: In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file.
CVE-2019-15143: In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp.
CVE-2019-15144: In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h.
CVE-2019-15145: DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h.
CVE-2019-18804: DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.

Please fix them.

Created: 2019-08-18 Last update: 2020-08-07 06:08

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2018-11-03 Last update: 2018-11-03 08:00

news

[rss feed]

[2020-07-28] djvulibre 3.5.27.1-15 MIGRATED to testing (Debian testing watch)
[2020-07-22] Accepted djvulibre 3.5.27.1-15 (source) into unstable (Barak A. Pearlmutter)
[2019-11-27] djvulibre 3.5.27.1-14 MIGRATED to testing (Debian testing watch)
[2019-11-21] Accepted djvulibre 3.5.27.1-14 (source) into unstable (Barak A. Pearlmutter)
[2019-11-08] Accepted djvulibre 3.5.25.4-4+deb8u2 (source amd64 all) into oldoldstable (Chris Lamb)
[2019-09-16] djvulibre 3.5.27.1-13 MIGRATED to testing (Debian testing watch)
[2019-09-11] Accepted djvulibre 3.5.27.1-13 (source) into unstable (Barak A. Pearlmutter)
[2019-08-29] Accepted djvulibre 3.5.25.4-4+deb8u1 (source amd64 all) into oldoldstable (Thorsten Alteholz)
[2019-08-15] djvulibre 3.5.27.1-12 MIGRATED to testing (Debian testing watch)
[2019-08-10] Accepted djvulibre 3.5.27.1-12 (source) into unstable (Barak A. Pearlmutter)
[2019-06-06] Accepted djvulibre 3.5.27.1-11 (source all amd64) into unstable (Barak A. Pearlmutter)
[2018-11-08] djvulibre 3.5.27.1-10 MIGRATED to testing (Debian testing watch)
[2018-11-02] Accepted djvulibre 3.5.27.1-10 (source all amd64) into unstable (Barak A. Pearlmutter)
[2018-05-06] djvulibre 3.5.27.1-9 MIGRATED to testing (Debian testing watch)
[2018-04-30] Accepted djvulibre 3.5.27.1-9 (source all amd64) into unstable (Barak A. Pearlmutter)
[2017-10-14] djvulibre 3.5.27.1-8 MIGRATED to testing (Debian testing watch)
[2017-10-09] Accepted djvulibre 3.5.27.1-8 (source all amd64) into unstable (Barak A. Pearlmutter)
[2016-11-09] djvulibre 3.5.27.1-7 MIGRATED to testing (Debian testing watch)
[2016-11-03] Accepted djvulibre 3.5.27.1-7 (source all amd64) into unstable (Barak A. Pearlmutter)
[2016-08-24] djvulibre 3.5.27.1-6 MIGRATED to testing (Debian testing watch)
[2016-08-18] Accepted djvulibre 3.5.27.1-6 (source all amd64) into unstable (Barak A. Pearlmutter)
[2015-11-30] djvulibre 3.5.27.1-5 MIGRATED to testing (Britney)
[2015-11-24] Accepted djvulibre 3.5.27.1-5 (source amd64 all) into unstable (Barak A. Pearlmutter)
[2015-11-03] djvulibre 3.5.27.1-4 MIGRATED to testing (Britney)
[2015-10-28] Accepted djvulibre 3.5.27.1-4 (source amd64 all) into unstable (Barak A. Pearlmutter)
[2015-08-22] djvulibre 3.5.27.1-3 MIGRATED to testing (Britney)
[2015-08-16] Accepted djvulibre 3.5.27.1-3 (source amd64 all) into unstable (Barak A. Pearlmutter)
[2015-07-07] djvulibre 3.5.27.1-2 MIGRATED to testing (Britney)
[2015-07-01] Accepted djvulibre 3.5.27.1-2 (source amd64 all) into unstable (Barak A. Pearlmutter)
[2015-05-11] djvulibre 3.5.27.1-1 MIGRATED to testing (Britney)

bugs [bug history graph]

all: 13
RC: 0
I&N: 7
M&W: 6
F&P: 0
patch: 2

links

homepage
lintian (0, 3)
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.5.27.1-15
4 bugs