Accepted leptonlib 1.76.0-1+deb10u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 18 Apr 2021 10:03:02 +0200
Source: leptonlib
Architecture: source
Version: 1.76.0-1+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Jeff Breidenbach <jab@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Closes: 985089
Changes:
leptonlib (1.76.0-1+deb10u1) buster; urgency=medium
.
* Non-maintainer upload by the LTS Team.
(Closes: #985089)
* CVE-2020-36277
denial of service (application crash) via an incorrect left
shift in pixConvert2To8 in pixconv.c
* CVE-2020-36278
heap-based buffer over-read in findNextBorderPixel in ccbord.c
* CVE-2020-36279
heap-based buffer over-read in rasteropGeneralLow, related to
adaptmap_reg.c and adaptmap.c
* CVE-2020-36280
heap-based buffer over-read in pixReadFromTiffStream, related
to tiffio.c.
* CVE-2020-36281
heap-based buffer over-read in pixFewColorsOctcubeQuantMixed
in colorquant1.c
Checksums-Sha1:
68a6cdaf0732ea26073325487c1ee6aa9dc438d5 2135 leptonlib_1.76.0-1+deb10u1.dsc
56f0f0f059f158dd92e9a46343dca7cfa5b0ad39 7932 leptonlib_1.76.0-1+deb10u1.debian.tar.xz
4a689ae59295fc390e350e25f263770504366cad 7622 leptonlib_1.76.0-1+deb10u1_amd64.buildinfo
Checksums-Sha256:
6a5ecd2fd3e1d758b6e38d65a209a3db363d3309c39153485a37f6595037e60b 2135 leptonlib_1.76.0-1+deb10u1.dsc
3dc370ff39359c9886c89f3f1059cf4d5627c6c42c4dba73aafca4dac98ae4fb 7932 leptonlib_1.76.0-1+deb10u1.debian.tar.xz
2ad0339b2cd5f152c66a7bc2769ef44bc278ae4fa4e32d461217736c22338da8 7622 leptonlib_1.76.0-1+deb10u1_amd64.buildinfo
Files:
d69b0f77a60cd4a02e2673e771b8dba7 2135 graphics optional leptonlib_1.76.0-1+deb10u1.dsc
e9e6ce12df71f5cf2c41b560a36ada7b 7932 graphics optional leptonlib_1.76.0-1+deb10u1.debian.tar.xz
222751f864b207a7381141b79b5443c6 7622 graphics optional leptonlib_1.76.0-1+deb10u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmGz7DpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYRwOFEACrXMbOJlNO8dbul+r0MQ37OekGHnUl
UmV2JkSvtEQ+ZFcqA6jDDAhwdM9JQO7BoSm2H/lLlFWdENLCcqSaEVLlqubjpgkI
D/88XE1h1eT+rg4b1RI3nS7bzFFff3chfj76IukwWyjgZbI84tqg0RfK0qeUgr5/
DqUdZZQCiePGyKaSnMYHmqNn6+BwO4hCWX7DPMQWMlbnUytRSgYenGH+668xl6EY
e7bDVRitOJsnzoVrgDHlEZ5yGhO+BTR4RFjyUzLCg5f8t3PuO1ZFD95h61uI+9kQ
LDuAioN2AbEwYfkn7Szlcq2HhFxHSpxMcX365thdRt+xNWZNN9wYfSLriLOB+GTV
tSpFMyGcva8k4NY4KLrhSH6Q7GkRbKx+snVO3/iGJnF2sOwjwIkJsMMuiWTVx3x8
t5uqVz/UGD6AJ9bjkRH6gPiLsO9f3UNia3X76j2OWSaQK8tPP5RvVdDrl6N7qFYS
rMrP5clisYyHN/s+v4f7SryxGqV8fYJArf193ELK5yqTJup7EsmKWMft37jGmqxw
dICt6eicyDuzwXAiwOn4dJ2BbeZ7wymPaDR8U3x5SnFtSVpQHLz8PcZYiQsLrPwk
K+aUgLK+IfzbjFPNixSg3QCjZEW+eD5SRWxwbbR/0i2JDZfX30gDk96VhBdHVSGv
vvUIBksHIUTKMQ==
=AKZU
-----END PGP SIGNATURE-----