Accepted zbar 0.22-1+deb10u1 (source) into oldoldstable
- To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
- Subject: Accepted zbar 0.22-1+deb10u1 (source) into oldoldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Thu, 30 Nov 2023 12:30:19 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: zbar_0.22-1+deb10u1_source.changes
- Debian-source: zbar
- Debian-suite: oldoldstable
- Debian-version: 0.22-1+deb10u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=i8Qxm+cgTu/ciz+LR5MwX69fF4qpvO9KMyh/+LPFtDQ=; b=i9BIYoCZ+XfxtNyMgzHoLo6b3O N4sTIWO0GAeJYfNl4R+bUSKwjSfPcfuBrw7us6I+Ls/9LHwMGImcD705J/bjvW4cs99zbK+2SF38x vjQuaZCPKmanu6Rnpf4ggXkCrOpNpczB/nrkDUGhH/4bAy57RDp5Vh+dWQxq20KJC39W6N36XCmnt 8Kf9ucfQBQF/t31/uRIXyhLZi7JdNCg33nFb1A/+OYbDB9euAmjWzqkz4Xxj7Ymw7ZlxcqnpgcLi/ dI9STVHuwNkQGQy5+/sqdwxr6XuMJee0kQy2jHbJVtJU9OEoHZveycI12/En7AvUQE95B0vD8dDy3 HIE2MDwA==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1r8gBP-00F4PZ-Cs@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 30 Nov 2023 11:19:08 +0000
Source: zbar
Architecture: source
Version: 0.22-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1051724
Changes:
zbar (0.22-1+deb10u1) buster-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix two security bug (Closes: #1051724):
- Fix CVE-2023-40889: A heap-based buffer o verflow existed
in the qr_reader_match_centers function.
Specially crafted QR codes may lead to information disclosure
and/or arbitrary code execution. To trigger this
vulnerability, an attacker can digitally input the
malicious QR code, or prepare it to be physically scanned
by the vulnerable scanner.
- Fix CVE-2023-40890: A stack overflow was present in lookup_sequence
function of ZBar 0.23.90. Specially crafted QR codes may lead
to information disclosure and/or arbitrary code execution.
To trigger this vulnerability, an attacker can digitally input
the malicious QR code, or prepare it to be physically scanned
by the vulnerable scanner.
Checksums-Sha1:
39093d8b88426134be6bd1b7202547624fc89a0d 2514 zbar_0.22-1+deb10u1.dsc
dcb7e74e1e1e40b127924d526be0a4b87c0e128b 959505 zbar_0.22.orig.tar.gz
599fa129b551524b86951ebdb4c99a7dbc2cdc1a 11520 zbar_0.22-1+deb10u1.debian.tar.xz
95ffdd5bf2a83491bc36e56c05eff1f24056dad9 21478 zbar_0.22-1+deb10u1_amd64.buildinfo
Checksums-Sha256:
684fbfee9161c10fcea5a1253ddad54af8ca67b68026934110b809c908baacb9 2514 zbar_0.22-1+deb10u1.dsc
248ac4573a6d3ff533756a26fa16acea47f23dd1c9eb8ef05fc03d88c6069bd4 959505 zbar_0.22.orig.tar.gz
617b9307a43238c7d26cdb5dcddb172805346c5717b76c6a011199284e15e8f2 11520 zbar_0.22-1+deb10u1.debian.tar.xz
df333b0c652d7fa716a680107d302f2ba47d9cfc154ec9c09fcc8ca8ba561398 21478 zbar_0.22-1+deb10u1_amd64.buildinfo
Files:
697a77d79ea5cc994a08046777365367 2514 libs optional zbar_0.22-1+deb10u1.dsc
25ee5ca0176b41d72c5564cc43d5e6f0 959505 libs optional zbar_0.22.orig.tar.gz
6206448a5498cfd4e3b47d69077ab09b 11520 libs optional zbar_0.22-1+deb10u1.debian.tar.xz
46a93e40ff5708371130827f54b95968 21478 libs optional zbar_0.22-1+deb10u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmVofdoRHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF+jSxAAo+d3ee45YJjb6t5Wv5NlrZJ47W1+sUS0
83xq+ICdJts97GtaD4B4h6PDf6MW7miOmwJEgRqKTDiL6WDTbMDiY+XLqNAvrnR9
3hMKqFJrFTyo3BYPuNo5Mi2NohMY3EYkpAcG/1rrJ6yDKsAcqlR6dOkR5SOQP1Mi
3ZXsMtYLmEehs74iY3iqQDZZC73DD/xw1DNumFcqeETRasKf31I+7eN6S74fzzR6
yXgLo+Yvoy13M49GDYVSmnU+XzeXEw9N0mTgDDWIGIzp8JDjTcmu+A+O0dYSyMLR
qY7dZoHnjGCGplyLngmMbf/dLq1okuHyPJeMN1rifAjVfny3l4dR+cwmWFAGh8NQ
qPv4uwIjxsMZpBpOuOFP7+5bPNexXi2fAVDRkjyfvRmWIfwDZNSInjeldkM7HTvQ
y46QrIE7aPe8RTCpzfOmmq65eyoo6AJD2ICqfJWFnAU2ixgoNyrER+K5n+WLv6bZ
tEoI5P+QHSnugy5DO8w0MGgX7Rg6dTw9y+vZMpwcuK3KNcwhC5uY3Yw16EUxPr6/
Pm736gkygkeD8g6MK9VoZhU/YaoEaAvtzuhSDGnheFj9t2WbZ6RHA4BBo+AwDtQm
j7y6rZJPUqAsMfV74uk0B+XV3g/rlxMaRL8Dqe13UiJ3+uaeCZFhY1YVydWaSTsx
EyThYb0o1DA=
=XIzb
-----END PGP SIGNATURE-----