Debian Package Tracker

general

source: djvulibre (main)
version: 3.5.27.1-14
maintainer: Barak A. Pearlmutter (DMD) (LowNMU)
uploaders: Leon Bottou [DMD]
arch: all any
std-ver: 4.4.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.5.25.4-4
o-o-sec: 3.5.25.4-4+deb8u2
oldstable: 3.5.27.1-7
stable: 3.5.27.1-10
testing: 3.5.27.1-14
unstable: 3.5.27.1-14

versioned links

3.5.25.4-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.5.25.4-4+deb8u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.5.27.1-7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.5.27.1-10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.5.27.1-14: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

djview
djview3
djvulibre-bin (8 bugs: 0, 4, 4, 0)
djvulibre-desktop
djvuserve
libdjvulibre-dev
libdjvulibre-text
libdjvulibre21 (2 bugs: 0, 2, 0, 0)

action needed

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2020-02-26 Last update: 2020-06-01 06:01

4 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 0304a7585fc008dac552dc3b13fcd0d1abd0f267
Merge: a00b761 af427d8
Author: Barak A. Pearlmutter <barak+git@pearlmutter.net>
Date:   Sat Feb 29 11:24:29 2020 +0000

    Merge remote-tracking branch 'upstream/master' into debian

commit af427d87a679e3427e20d31f0d904c261879a4fa
Author: Leon Bottou <leon@bottou.org>
Date:   Tue Feb 25 11:57:10 2020 -0500

    clean spaces

commit 8e79901a927d7b20b629f5240e64f617d67f3dff
Author: Leon Bottou <leon@bottou.org>
Date:   Tue Feb 25 11:35:13 2020 -0500

    pthread_cancel missing on Android.

commit 3966e177ce1419e4622b9fd384fff8fed527f421
Author: Leon Bottou <leon@bottou.org>
Date:   Mon Feb 17 15:53:47 2020 -0500

    changed djvu.1 to mention Cuminas and remove djvuzone pointers.

Created: 2020-03-23 Last update: 2020-05-26 16:35

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2020-05-21 Last update: 2020-05-21 00:02

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

djvulibre-desktop could be marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2020-06-01 01:35

5 ignored security issues in buster low

There are 5 open security issues in buster.

5 issues skipped by the security teams:

CVE-2019-15143: In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp.
CVE-2019-15142: In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file.
CVE-2019-15145: DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h.
CVE-2019-15144: In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h.
CVE-2019-18804: DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.

Please fix them.

Created: 2019-08-18 Last update: 2019-11-27 09:06

5 ignored security issues in stretch low

There are 5 open security issues in stretch.

5 issues skipped by the security teams:

CVE-2019-15143: In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp.
CVE-2019-15142: In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file.
CVE-2019-15145: DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h.
CVE-2019-15144: In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h.
CVE-2019-18804: DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.

Please fix them.

Created: 2019-08-18 Last update: 2019-11-27 09:06

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2018-11-03 Last update: 2018-11-03 08:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.0 instead of 4.4.1).

Created: 2020-01-21 Last update: 2020-01-21 05:06

news

[rss feed]

[2019-11-27] djvulibre 3.5.27.1-14 MIGRATED to testing (Debian testing watch)
[2019-11-21] Accepted djvulibre 3.5.27.1-14 (source) into unstable (Barak A. Pearlmutter)
[2019-11-08] Accepted djvulibre 3.5.25.4-4+deb8u2 (source amd64 all) into oldoldstable (Chris Lamb)
[2019-09-16] djvulibre 3.5.27.1-13 MIGRATED to testing (Debian testing watch)
[2019-09-11] Accepted djvulibre 3.5.27.1-13 (source) into unstable (Barak A. Pearlmutter)
[2019-08-29] Accepted djvulibre 3.5.25.4-4+deb8u1 (source amd64 all) into oldoldstable (Thorsten Alteholz)
[2019-08-15] djvulibre 3.5.27.1-12 MIGRATED to testing (Debian testing watch)
[2019-08-10] Accepted djvulibre 3.5.27.1-12 (source) into unstable (Barak A. Pearlmutter)
[2019-06-06] Accepted djvulibre 3.5.27.1-11 (source all amd64) into unstable (Barak A. Pearlmutter)
[2018-11-08] djvulibre 3.5.27.1-10 MIGRATED to testing (Debian testing watch)
[2018-11-02] Accepted djvulibre 3.5.27.1-10 (source all amd64) into unstable (Barak A. Pearlmutter)
[2018-05-06] djvulibre 3.5.27.1-9 MIGRATED to testing (Debian testing watch)
[2018-04-30] Accepted djvulibre 3.5.27.1-9 (source all amd64) into unstable (Barak A. Pearlmutter)
[2017-10-14] djvulibre 3.5.27.1-8 MIGRATED to testing (Debian testing watch)
[2017-10-09] Accepted djvulibre 3.5.27.1-8 (source all amd64) into unstable (Barak A. Pearlmutter)
[2016-11-09] djvulibre 3.5.27.1-7 MIGRATED to testing (Debian testing watch)
[2016-11-03] Accepted djvulibre 3.5.27.1-7 (source all amd64) into unstable (Barak A. Pearlmutter)
[2016-08-24] djvulibre 3.5.27.1-6 MIGRATED to testing (Debian testing watch)
[2016-08-18] Accepted djvulibre 3.5.27.1-6 (source all amd64) into unstable (Barak A. Pearlmutter)
[2015-11-30] djvulibre 3.5.27.1-5 MIGRATED to testing (Britney)
[2015-11-24] Accepted djvulibre 3.5.27.1-5 (source amd64 all) into unstable (Barak A. Pearlmutter)
[2015-11-03] djvulibre 3.5.27.1-4 MIGRATED to testing (Britney)
[2015-10-28] Accepted djvulibre 3.5.27.1-4 (source amd64 all) into unstable (Barak A. Pearlmutter)
[2015-08-22] djvulibre 3.5.27.1-3 MIGRATED to testing (Britney)
[2015-08-16] Accepted djvulibre 3.5.27.1-3 (source amd64 all) into unstable (Barak A. Pearlmutter)
[2015-07-07] djvulibre 3.5.27.1-2 MIGRATED to testing (Britney)
[2015-07-01] Accepted djvulibre 3.5.27.1-2 (source amd64 all) into unstable (Barak A. Pearlmutter)
[2015-05-11] djvulibre 3.5.27.1-1 MIGRATED to testing (Britney)
[2015-05-05] Accepted djvulibre 3.5.27.1-1 (source amd64 all) into unstable (Barak A. Pearlmutter)
[2015-02-12] Accepted djvulibre 3.5.27-0pre1 (source amd64 all) into experimental (Barak A. Pearlmutter)

bugs [bug history graph]

all: 13
RC: 0
I&N: 7
M&W: 6
F&P: 0
patch: 2

links

homepage
lintian (0, 1)
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.5.27.1-14build1
5 bugs