Accepted zbar 0.23.92-9 (source) into unstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 30 Nov 2023 11:19:08 +0000
Source: zbar
Architecture: source
Version: 0.23.92-9
Distribution: unstable
Urgency: high
Maintainer: Boyuan Yang <byang@debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1051724
Changes:
 zbar (0.23.92-9) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Fix two security bugs (Closes: #1051724):
     - Fix CVE-2023-40889: A heap-based buffer overflow existed
       in the qr_reader_match_centers function.
       Specially crafted QR codes may lead to information disclosure
       and/or arbitrary code execution. To trigger this
       vulnerability, an attacker can digitally input the
       malicious QR code, or prepare it to be physically scanned
       by the vulnerable scanner.
     - Fix CVE-2023-40890: A stack overflow was present in the lookup_sequence
       function of ZBar 0.23.90. Specially crafted QR codes may lead
       to information disclosure and/or arbitrary code execution.
       To trigger this vulnerability, an attacker can digitally input
       the malicious QR code, or prepare it to be physically scanned
       by the vulnerable scanner.
Checksums-Sha1:
 4c881f8e8b288c4bd93b264cab966bb89dce5968 2798 zbar_0.23.92-9.dsc
 9ca55693d7466a57fd76846506fcc28f31437489 13952 zbar_0.23.92-9.debian.tar.xz
 0a717124397c09e8e8774b4609396fe5d6facb79 23513 zbar_0.23.92-9_amd64.buildinfo
Checksums-Sha256:
 2032db98c18162e57da823fbdfcca2a8c2df77d14092546e020591203059b30c 2798 zbar_0.23.92-9.dsc
 54494d1e17adbda88231cd9a8790cadc92633af8fd579c34ae0e1cebd13c2dd8 13952 zbar_0.23.92-9.debian.tar.xz
 0f0330259c9efa500f8d41361b5c065369861e8dd559a5a7dae9825222531b38 23513 zbar_0.23.92-9_amd64.buildinfo
Files:
 2fece9f42b95098a18770bb4cffba7d7 2798 libs optional zbar_0.23.92-9.dsc
 8c7f8f21b640efbaa2196fc032b83af7 13952 libs optional zbar_0.23.92-9.debian.tar.xz
 1ce4a9f47c4a09a77c3c39d8346713d5 23513 libs optional zbar_0.23.92-9_amd64.buildinfo
