Accepted libstb 0.0~git20180212.15.e6afb9c-1+deb10u1 (source) into oldstable
- To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
- Subject: Accepted libstb 0.0~git20180212.15.e6afb9c-1+deb10u1 (source) into oldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Tue, 31 Jan 2023 21:20:21 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: libstb_0.0~git20180212.15.e6afb9c-1+deb10u1_source.changes
- Debian-source: libstb
- Debian-suite: oldstable
- Debian-version: 0.0~git20180212.15.e6afb9c-1+deb10u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=6yXfBESHvEaDlom+VaNeJ4cFxFFjScOCHnvtZ7NLy3Y=; b=HUEGp+4/8gkL3Zp8KyrKtpf9sp QBIRyWtL6CBHbBs+zjrHo+A8WESA+L2dV5I/cGg0nwdVFSz67og6Q82orI2Bqs5uwXdkfSkmbTAW3 kiDmPDY/cs//qn+1msVbqw5m/0A+u8U6b8aPjSFDytWngizWyQcQtuVGNx8K3D0j1aN1t87yL0W5j CTvRUKB2bO7hkRybvFvQu7sp3n0kGhXGI3CISEUOqwueBt8tD9VXQK2dtFJZo+1MSOqL7xbq0QLcy YIhfJH0tePrFvbFkCioQYFobr2dNe0M8u600DcOEGjDMCYdobGMI+U+nxBayZVR898pSKf+dxKy61 HwsZSWQQ==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1pMy3B-008L8f-51@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 31 Jan 2023 22:02:19 +0200
Source: libstb
Architecture: source
Version: 0.0~git20180212.15.e6afb9c-1+deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Yangfl <mmyangfl@gmail.com>
Changed-By: Adrian Bunk <bunk@debian.org>
Changes:
libstb (0.0~git20180212.15.e6afb9c-1+deb10u1) buster-security; urgency=medium
.
* Non-maintainer upload by the LTS team.
* CVE-2018-16981: Heap-based buffer overflow in stbi__out_gif_code().
* CVE-2019-13217: Heap buffer overflow in the Vorbis start_decoder().
* CVE-2019-13218: Division by zero in the Vorbis predict_point().
* CVE-2019-13219: NULL pointer dereference in the Vorbis get_window().
* CVE-2019-13220: Uninitialized stack variables in the Vorbis
start_decoder().
* CVE-2019-13221: Buffer overflow in the Vorbis compute_codewords().
* CVE-2019-13222: Out-of-bounds read of a global buffer in the Vorbis
draw_line().
* CVE-2019-13223: Reachable assertion in the Vorbis lookup1_values().
* CVE-2021-28021: Buffer overflow in stbi__extend_receive().
* CVE-2021-37789: Heap-based buffer overflow in stbi__jpeg_load().
* CVE-2021-42715: The HDR loader parsed truncated end-of-file RLE
scanlines as an infinite sequence of zero-length runs.
* CVE-2022-28041: Integer overflow in stbi__jpeg_decode_block_prog_dc().
* CVE-2022-28042: Heap-based use-after-free in stbi__jpeg_huff_decode().
Checksums-Sha1:
5b67bd09bec77f2aff71b281c7d3bd9696b71b0d 2033 libstb_0.0~git20180212.15.e6afb9c-1+deb10u1.dsc
c9623a4569783da9bc9e649a63052f7f2bc869a6 1326637 libstb_0.0~git20180212.15.e6afb9c.orig.tar.gz
bd6fc7269e0b060a961d0d1facc38fa6ccfce11d 14304 libstb_0.0~git20180212.15.e6afb9c-1+deb10u1.debian.tar.xz
Checksums-Sha256:
3fd7c442f236c81502224e0579a081f6fd920c41abfc68813e0e10cf8d439ad2 2033 libstb_0.0~git20180212.15.e6afb9c-1+deb10u1.dsc
b9bef733704658e78239b156550066cd4253a5fa1b4cbf09a1a2a39f3f3ceb3a 1326637 libstb_0.0~git20180212.15.e6afb9c.orig.tar.gz
f6e9ee110ce2445e2c18f1b9e61920e896c1f2d1edbd712230341fee5173ff36 14304 libstb_0.0~git20180212.15.e6afb9c-1+deb10u1.debian.tar.xz
Files:
0db5eebc049de1b701161f9000786cdf 2033 libs optional libstb_0.0~git20180212.15.e6afb9c-1+deb10u1.dsc
fd60dac95c93b25abfee43ae7db6b99e 1326637 libs optional libstb_0.0~git20180212.15.e6afb9c.orig.tar.gz
19b20d695ebf90477e6e21e68c9797b6 14304 libs optional libstb_0.0~git20180212.15.e6afb9c-1+deb10u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmPZglwACgkQiNJCh6LY
mLEs1Q/9EW0VGSYeHFXAdsdrvKVt3SmvRzTt8Nz33U0rTD1T5f6tzM197on/B2tX
2GDbNsIRDdVDRHvF8iPZ33/VZ9/Hb3o7VGv1zxzoAIbQ1DCiKXskoDGzD3mxny5m
KSvmSGPfTXBIoz9eeY0K2KVMYjqzLGOhn976Rm4bHoFTRKISnpzB466MgU+aI3JU
DwDI8V827YjpNEzTgGKEkDS0ysytzX+5ao+bY6Ui6sfym9F2qB3ZKWYAeG6gKdqL
lb9XCfA5x07UXO4fX6fErNjxfLeCpNbd2tjE4o4jIBebhBBenHo2hkpla/DFb++p
rctBpG2HjpCY+PGQmaflpkdI/7kaPTH0p7cE5O31cx0aj+3KQoJpnXqp1FJPvZoM
5mRrPSAc+dKouE6jmCZpRDIqLVGIhzEXUC4bEqMWn7vpe3kySj5EA2+34IJfZMrE
4tsSKYFOiXikbkZagdlfw7QACpSizwP26aROXQnFXCTyBY7c1jV8/XwEeo48Lf1m
zbZCn9XGXXcpKKZCzDesFLUiTIa2qiQ15keSROigmO1XD+1a8kwm64svedQrjrxi
BercrkefcGuEPDxr9kJiHtyjj1FPvmguXVRC/S6yau+2YgQWPte95O6Kbc2hSoAO
4cAVrZcZG7ppnN/3ogkID7/H98hWrah/Cttxm0pw3QoUL93z4yc=
=beC3
-----END PGP SIGNATURE-----