Accepted djvulibre 3.5.27.1-7+deb9u1 (source) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 25 May 2021 18:02:31 +0200
Source: djvulibre
Binary: libdjvulibre-dev libdjvulibre21 libdjvulibre-text djvulibre-dbg djvulibre-desktop djview djview3 djvuserve djvulibre-bin
Architecture: source
Version: 3.5.27.1-7+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Barak A. Pearlmutter <bap@debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
djview - Transition package, djview3 to djview4
djview3 - Transition package, djview3 to djview4
djvulibre-bin - Utilities for the DjVu image format
djvulibre-dbg - Debug symbols for the DjVu image format
djvulibre-desktop - Desktop support for the DjVu image format
djvuserve - CGI program for unbundling DjVu files on the fly
libdjvulibre-dev - Development files for the DjVu image format
libdjvulibre-text - Linguistic support files for libdjvulibre
libdjvulibre21 - Runtime support for the DjVu image format
Changes:
djvulibre (3.5.27.1-7+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the LTS Security Team.
* CVE-2019-15142: heap-buffer-overflow when reading a crafted file
* CVE-2019-15143: infinite loop that can be triggered by crafted file
* CVE-2019-15144: stack-overflow error when processing a crafted file
* CVE-2019-15145: invalid read error when reading a crafted file
* CVE-2019-18804: NULL pointer dereference issue in the IW44 encoder/decoder
* CVE-2021-3500: stack overflow in DJVU::DjVuDocument::get_djvu_file()
* CVE-2021-32490: out of bounds write in function DJVU::filter_bv()
* CVE-2021-32491: integer overflow in function render() in tools/ddjvu
* CVE-2021-32492: out of bounds read in function DJVU::DataPool::has_data()
* CVE-2021-32493: heap buffer overflow in function DJVU::GBitmap::decode()
Checksums-Sha1:
e2e3c006f6a3bbd55a522d3f872f920279d76bde 2501 djvulibre_3.5.27.1-7+deb9u1.dsc
b9619541900ca31e428c4f33a5f07754a5463d54 3231662 djvulibre_3.5.27.1.orig.tar.gz
f9e228221349301ee3b3398283079073358c4cc4 57992 djvulibre_3.5.27.1-7+deb9u1.debian.tar.xz
41029c33655fee51ba68effe880b7529a19777be 10452 djvulibre_3.5.27.1-7+deb9u1_amd64.buildinfo
Checksums-Sha256:
73b81f6a1f4cd960783d7830bd670defdb87172321f594a53857831077792db6 2501 djvulibre_3.5.27.1-7+deb9u1.dsc
77f07de3f1039aa19eba2eb3170d9ce9a0918ba7b704a59cfaf08f42fcc52144 3231662 djvulibre_3.5.27.1.orig.tar.gz
6362b83776e1fc56e13baeb3b2a864460f02c3e670c830a6fd84844fb17b3870 57992 djvulibre_3.5.27.1-7+deb9u1.debian.tar.xz
f931b5413a3646d3dd580bfd4d3d2163df7bbe6ed4da686121a45f6797faff1d 10452 djvulibre_3.5.27.1-7+deb9u1_amd64.buildinfo
Files:
69abd065b0018c84ad9df2b122c4c81c 2501 libs optional djvulibre_3.5.27.1-7+deb9u1.dsc
b0a64659af0424745f72daa014407616 3231662 libs optional djvulibre_3.5.27.1.orig.tar.gz
ec572ecd35dcb24343df3b509baa53fe 57992 libs optional djvulibre_3.5.27.1-7+deb9u1.debian.tar.xz
4d9d5077877c2670a197fce270f4ccd4 10452 libs optional djvulibre_3.5.27.1-7+deb9u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmCuZQQACgkQDTl9HeUl
XjB9eg/9EBxhJtdiqux7nOvt3T0/AaHwpOqK7mHCSLwvDTdpRJl+nDWpLRjV69zO
67jP94EcaEVEJEH3nrl587mj/6cMY/J0iFD/SLy2MYj8cwy7pjPPo5uSix2HG5gk
WEwZ9RL7J4pRjSGv2/ZiNbyZWBUlp7RPIbltYobEq3AywWAfhcXiOENKPzG1s492
RSV6mpm3kSLMojLT8RSWOM/j2X2GlKFyVk4q45EQaFVDHeK1IXJiMg9gULY5vENI
BX9KzlpwsCExOZjYFc6SMbLd5rf9AIK+3KLCd+IuWsEMY17w3DWKaCuobAZViTtZ
Jv4oeCwabsRLanMpfQvipOVQIb/6h3nsLrbw7SRd39bpk3L0SAaxToqj8WxkuqIP
Uv1DKgne/DLH9Y4IXMtDmCX2G9X+R2HJ/QFvkT2IX2EWoCAiFwOFMf9Btyhn+6PQ
Dz8WK3tND+Zo5JOA0bgdtiWjSv3P3hLfiqbNMaaitN0TiTmT/kAPGxeDuyDEl+6E
a5Evkx3h4dsQJ7SiEPyCQsfM7UPQRdTIswa+2RQT8LcZ3UIyZ2sqya9KylS/Ssqv
NF23HhKGAf6IK8yRWFndZMOBydXcJC7fv7DZcq928eFf+PEFavYX6H28nR/f+iF4
eFILUCz1OVF4S0QmWuMG73KVqNNJx7AhFICerE16dCTQuhTv58w=
=mL8b
-----END PGP SIGNATURE-----