libwebp 0.6.1-2ubuntu0.20.10.1 source package in Ubuntu

Changelog

libwebp (0.6.1-2ubuntu0.20.10.1) groovy-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overflow in GetLE16() and GetLE24()
    - debian/patches/CVE-2018-25009.patch: check data_size in
      src/mux/muxread.c.
    - CVE-2018-25009
    - CVE-2018-25012
  * SECURITY UPDATE: heap-based buffer overflow in ApplyFilter()
    - debian/patches/CVE-2018-25010.patch: limit the filter size in
      src/utils/quant_levels_dec_utils.c.
    - CVE-2018-25010
  * SECURITY UPDATE: heap-based buffer overflow in PutLE16()
    - debian/patches/CVE-2018-25011.patch: limit number of image chunks in
      src/mux/muxread.c.
    - CVE-2018-25011
  * SECURITY UPDATE: heap-based buffer overflow in ShiftBytes() and in
    ReadSymbol()
    - debian/patches/CVE-2018-25013_4.patch: wait for all threads to be
      done in DecodeRemaining in src/dec/idec_dec.c.
    - CVE-2018-25013
    - CVE-2018-25014
  * SECURITY UPDATE: heap-based buffer overflow in WebPDecode*Into functions
    - debian/patches/CVE-2020-36328.patch: fix buffer size check in
      src/dec/buffer_dec.c.
    - CVE-2020-36328
  * SECURITY UPDATE: use-after-free in EmitFancyRGB()
    - debian/patches/CVE-2020-36329.patch: fix thread race
      heap-use-after-free in src/dec/idec_dec.c.
    - CVE-2020-36329
  * SECURITY UPDATE: heap-based buffer overflow in ChunkVerifyAndAssign()
    - debian/patches/CVE-2020-36330.patch: fix riff size checks in
      src/mux/muxread.c.
    - CVE-2020-36330
  * SECURITY UPDATE: heap-based buffer overflow in ChunkAssignData()
    - debian/patches/CVE-2020-36331.patch: validate chunk_size in
      src/mux/muxi.h, src/mux/muxread.c.
    - CVE-2020-36331
  * SECURITY UPDATE: extreme memory allocation when reading a file
    - debian/patches/CVE-2020-36332-pre1.patch: limit memory allocation
      when reading invalid Huffman codes in src/dec/vp8l_dec.c.
    - debian/patches/CVE-2020-36332.patch: better handling of bogus Huffman
      codes in src/dec/vp8l_dec.c.
    - CVE-2020-36332

 -- Marc Deslauriers <email address hidden>  Thu, 20 May 2021 07:52:26 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Groovy
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
libs
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
libwebp_0.6.1.orig.tar.gz 3.4 MiB a86045e3ec24704bddbaa369ca30980d6bf4f2625f4cdca03715e91f9c08bbb4
libwebp_0.6.1-2ubuntu0.20.10.1.debian.tar.xz 16.4 KiB 207f28e8ce7611ef7435a117c82cf2db1ccdc14b187b8be58a2a561836e06fc8
libwebp_0.6.1-2ubuntu0.20.10.1.dsc 2.1 KiB 3f1cd5cc439deff2bfa4fd1f6a97ca5717292046f2b0ac199918e844f896f3a3

View changes file

Binary packages built by this source

libwebp-dev: No summary available for libwebp-dev in ubuntu groovy.

No description available for libwebp-dev in ubuntu groovy.

libwebp6: No summary available for libwebp6 in ubuntu groovy.

No description available for libwebp6 in ubuntu groovy.

libwebp6-dbgsym: No summary available for libwebp6-dbgsym in ubuntu groovy.

No description available for libwebp6-dbgsym in ubuntu groovy.

libwebpdemux2: No summary available for libwebpdemux2 in ubuntu groovy.

No description available for libwebpdemux2 in ubuntu groovy.

libwebpdemux2-dbgsym: No summary available for libwebpdemux2-dbgsym in ubuntu groovy.

No description available for libwebpdemux2-dbgsym in ubuntu groovy.

libwebpmux3: No summary available for libwebpmux3 in ubuntu groovy.

No description available for libwebpmux3 in ubuntu groovy.

libwebpmux3-dbgsym: No summary available for libwebpmux3-dbgsym in ubuntu groovy.

No description available for libwebpmux3-dbgsym in ubuntu groovy.

webp: No summary available for webp in ubuntu groovy.

No description available for webp in ubuntu groovy.

webp-dbgsym: No summary available for webp-dbgsym in ubuntu groovy.

No description available for webp-dbgsym in ubuntu groovy.