-
djvulibre (3.5.27.1-15ubuntu0.1) groovy-security; urgency=medium
* SECURITY UPDATE: Stack overflow
- debian/patches/CVE-2021-3500.patch: prevent recursion in
libdjvu/DjVuPort.cpp, libdjvu/DjVuPort.h.
- CVE-2021-3500
* SECURITY UPDATE: Out of bounds write
- debian/patches/CVE-2021-32490.patch: add checks to
libdjvu/IW44Image.cpp.
- CVE-2021-32490
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2021-32491.patch: check for overflow in
tools/ddjvu.cpp.
- CVE-2021-32491
* SECURITY UPDATE: Out of bounds read
- debian/patches/CVE-2021-32492.patch: check pool in
libdjvu/DataPool.cpp.
- CVE-2021-32492
* SECURITY UPDATE: Heap buffer overflow
- debian/patches/CVE-2021-32493.patch: check row size in
libdjvu/GBitmap.cpp.
- CVE-2021-32493
* debian/patches: rename debian-changes to changes.patch to simplify
maintenance.
-- Marc Deslauriers <email address hidden> Mon, 17 May 2021 09:16:38 -0400
-
djvulibre (3.5.27.1-15) unstable; urgency=medium
* bump to debhelper 13
* bump policy version
* track upstream including libtiff bug fix (closes: #962779)
-- Barak A. Pearlmutter <email address hidden> Wed, 22 Jul 2020 15:18:20 +0100
-
djvulibre (3.5.27.1-14build1) focal; urgency=medium
* No-change rebuild for libgcc-s1 package name change.
-- Matthias Klose <email address hidden> Sat, 21 Mar 2020 13:26:59 +0100
