Debian Package Tracker
Register | Log in
Subscribe

djvulibre

Choose email to subscribe with

general
  • source: djvulibre (main)
  • version: 3.5.27.1-14
  • maintainer: Barak A. Pearlmutter (DMD) (LowNMU)
  • uploaders: Leon Bottou [DMD]
  • arch: all any
  • std-ver: 4.4.1
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 3.5.25.4-4
  • o-o-sec: 3.5.25.4-4+deb8u2
  • oldstable: 3.5.27.1-7
  • stable: 3.5.27.1-10
  • testing: 3.5.27.1-14
  • unstable: 3.5.27.1-14
versioned links
  • 3.5.25.4-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.5.25.4-4+deb8u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.5.27.1-7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.5.27.1-10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.5.27.1-14: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • djview
  • djview3
  • djvulibre-bin (8 bugs: 0, 4, 4, 0)
  • djvulibre-desktop
  • djvuserve
  • libdjvulibre-dev
  • libdjvulibre-text
  • libdjvulibre21 (2 bugs: 0, 2, 0, 0)
action needed
2 bugs tagged patch in the BTS normal
The BTS contains patches fixing 2 bugs, consider including or untagging them.
Created: 2019-04-01 Last update: 2019-12-08 20:31
Depends on packages which need a new maintainer normal
The packages that djvulibre depends on which need a new maintainer are:
  • apache2 (#910917)
    • Recommends: apache2
  • pdf2djvu (#945185)
    • Recommends: pdf2djvu
Created: 2019-11-22 Last update: 2019-12-08 19:39
Multiarch hinter reports 1 issue(s) low
There are issues with the multiarch metadata for this package.
  • djvulibre-desktop could be marked Multi-Arch: foreign
Created: 2016-09-14 Last update: 2019-12-08 15:07
5 ignored security issues in buster low
There are 5 open security issues in buster.
5 issues skipped by the security teams:
  • CVE-2019-15143: In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp.
  • CVE-2019-15142: In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file.
  • CVE-2019-15145: DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h.
  • CVE-2019-15144: In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h.
  • CVE-2019-18804: DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.
Please fix them.
Created: 2019-08-18 Last update: 2019-11-27 09:06
5 ignored security issues in stretch low
There are 5 open security issues in stretch.
5 issues skipped by the security teams:
  • CVE-2019-15143: In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp.
  • CVE-2019-15142: In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file.
  • CVE-2019-15145: DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h.
  • CVE-2019-15144: In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h.
  • CVE-2019-18804: DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.
Please fix them.
Created: 2019-08-18 Last update: 2019-11-27 09:06
Build log checks report 1 warning low
Build log checks report 1 warning
Created: 2018-11-03 Last update: 2018-11-03 08:00
news
[rss feed]
  • [2019-11-27] djvulibre 3.5.27.1-14 MIGRATED to testing (Debian testing watch)
  • [2019-11-21] Accepted djvulibre 3.5.27.1-14 (source) into unstable (Barak A. Pearlmutter)
  • [2019-11-08] Accepted djvulibre 3.5.25.4-4+deb8u2 (source amd64 all) into oldoldstable (Chris Lamb)
  • [2019-09-16] djvulibre 3.5.27.1-13 MIGRATED to testing (Debian testing watch)
  • [2019-09-11] Accepted djvulibre 3.5.27.1-13 (source) into unstable (Barak A. Pearlmutter)
  • [2019-08-29] Accepted djvulibre 3.5.25.4-4+deb8u1 (source amd64 all) into oldoldstable (Thorsten Alteholz)
  • [2019-08-15] djvulibre 3.5.27.1-12 MIGRATED to testing (Debian testing watch)
  • [2019-08-10] Accepted djvulibre 3.5.27.1-12 (source) into unstable (Barak A. Pearlmutter)
  • [2019-06-06] Accepted djvulibre 3.5.27.1-11 (source all amd64) into unstable (Barak A. Pearlmutter)
  • [2018-11-08] djvulibre 3.5.27.1-10 MIGRATED to testing (Debian testing watch)
  • [2018-11-02] Accepted djvulibre 3.5.27.1-10 (source all amd64) into unstable (Barak A. Pearlmutter)
  • [2018-05-06] djvulibre 3.5.27.1-9 MIGRATED to testing (Debian testing watch)
  • [2018-04-30] Accepted djvulibre 3.5.27.1-9 (source all amd64) into unstable (Barak A. Pearlmutter)
  • [2017-10-14] djvulibre 3.5.27.1-8 MIGRATED to testing (Debian testing watch)
  • [2017-10-09] Accepted djvulibre 3.5.27.1-8 (source all amd64) into unstable (Barak A. Pearlmutter)
  • [2016-11-09] djvulibre 3.5.27.1-7 MIGRATED to testing (Debian testing watch)
  • [2016-11-03] Accepted djvulibre 3.5.27.1-7 (source all amd64) into unstable (Barak A. Pearlmutter)
  • [2016-08-24] djvulibre 3.5.27.1-6 MIGRATED to testing (Debian testing watch)
  • [2016-08-18] Accepted djvulibre 3.5.27.1-6 (source all amd64) into unstable (Barak A. Pearlmutter)
  • [2015-11-30] djvulibre 3.5.27.1-5 MIGRATED to testing (Britney)
  • [2015-11-24] Accepted djvulibre 3.5.27.1-5 (source amd64 all) into unstable (Barak A. Pearlmutter)
  • [2015-11-03] djvulibre 3.5.27.1-4 MIGRATED to testing (Britney)
  • [2015-10-28] Accepted djvulibre 3.5.27.1-4 (source amd64 all) into unstable (Barak A. Pearlmutter)
  • [2015-08-22] djvulibre 3.5.27.1-3 MIGRATED to testing (Britney)
  • [2015-08-16] Accepted djvulibre 3.5.27.1-3 (source amd64 all) into unstable (Barak A. Pearlmutter)
  • [2015-07-07] djvulibre 3.5.27.1-2 MIGRATED to testing (Britney)
  • [2015-07-01] Accepted djvulibre 3.5.27.1-2 (source amd64 all) into unstable (Barak A. Pearlmutter)
  • [2015-05-11] djvulibre 3.5.27.1-1 MIGRATED to testing (Britney)
  • [2015-05-05] Accepted djvulibre 3.5.27.1-1 (source amd64 all) into unstable (Barak A. Pearlmutter)
  • [2015-02-12] Accepted djvulibre 3.5.27-0pre1 (source amd64 all) into experimental (Barak A. Pearlmutter)
  • 1
  • 2
bugs [bug history graph]
  • all: 13
  • RC: 0
  • I&N: 7
  • M&W: 6
  • F&P: 0
  • patch: 2
links
  • homepage
  • buildd: logs, checks, clang, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • security tracker
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 3.5.27.1-14
  • 5 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing