Format: 1.8 Date: Thu, 20 May 2021 07:52:26 -0400 Source: libwebp Binary: libwebp-dev libwebp6 libwebpmux3 libwebpdemux2 webp Architecture: amd64 Version: 0.6.1-2ubuntu0.18.04.1 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libwebp-dev - Lossy compression of digital photographic images. libwebp6 - Lossy compression of digital photographic images. libwebpdemux2 - Lossy compression of digital photographic images. libwebpmux3 - Lossy compression of digital photographic images. webp - Lossy compression of digital photographic images. Changes: libwebp (0.6.1-2ubuntu0.18.04.1) bionic-security; urgency=medium . * SECURITY UPDATE: heap-based buffer overflow in GetLE16() and GetLE24() - debian/patches/CVE-2018-25009.patch: check data_size in src/mux/muxread.c. - CVE-2018-25009 - CVE-2018-25012 * SECURITY UPDATE: heap-based buffer overflow in ApplyFilter() - debian/patches/CVE-2018-25010.patch: limit the filter size in src/utils/quant_levels_dec_utils.c. - CVE-2018-25010 * SECURITY UPDATE: heap-based buffer overflow in PutLE16() - debian/patches/CVE-2018-25011.patch: limit number of image chunks in src/mux/muxread.c. - CVE-2018-25011 * SECURITY UPDATE: heap-based buffer overflow in ShiftBytes() and in ReadSymbol() - debian/patches/CVE-2018-25013_4.patch: wait for all threads to be done in DecodeRemaining in src/dec/idec_dec.c. - CVE-2018-25013 - CVE-2018-25014 * SECURITY UPDATE: heap-based buffer overflow in WebPDecode*Into functions - debian/patches/CVE-2020-36328.patch: fix buffer size check in src/dec/buffer_dec.c. - CVE-2020-36328 * SECURITY UPDATE: use-after-free in EmitFancyRGB() - debian/patches/CVE-2020-36329.patch: fix thread race heap-use-after-free in src/dec/idec_dec.c. - CVE-2020-36329 * SECURITY UPDATE: heap-based buffer overflow in ChunkVerifyAndAssign() - debian/patches/CVE-2020-36330.patch: fix riff size checks in src/mux/muxread.c. - CVE-2020-36330 * SECURITY UPDATE: heap-based buffer overflow in ChunkAssignData() - debian/patches/CVE-2020-36331.patch: validate chunk_size in src/mux/muxi.h, src/mux/muxread.c. - CVE-2020-36331 * SECURITY UPDATE: extreme memory allocation when reading a file - debian/patches/CVE-2020-36332-pre1.patch: limit memory allocation when reading invalid Huffman codes in src/dec/vp8l_dec.c. - debian/patches/CVE-2020-36332.patch: better handling of bogus Huffman codes in src/dec/vp8l_dec.c. - CVE-2020-36332 Checksums-Sha1: 1509ce18881050f44ea5def48a711bae70c31fc6 267552 libwebp-dev_0.6.1-2ubuntu0.18.04.1_amd64.deb 7e7f8cb0f9017f7638168591de0c0ab86ba4bfba 882944 libwebp6-dbgsym_0.6.1-2ubuntu0.18.04.1_amd64.ddeb efb13346d0a6aceb3e1917da2e5e131ba0edfc9e 186300 libwebp6_0.6.1-2ubuntu0.18.04.1_amd64.deb 52467045d94655f731e71f4f0b5dd768681c8eb9 11287 libwebp_0.6.1-2ubuntu0.18.04.1_amd64.buildinfo d27c8f7470237feb1aa5c341ececbba68941e216 27648 libwebpdemux2-dbgsym_0.6.1-2ubuntu0.18.04.1_amd64.ddeb a90a86e8f9514cb854c3ae627355fe56c08fba96 9476 libwebpdemux2_0.6.1-2ubuntu0.18.04.1_amd64.deb 64f2ba5091fb640e585633f07f3053c7dd1f90e7 62436 libwebpmux3-dbgsym_0.6.1-2ubuntu0.18.04.1_amd64.ddeb 709ea17f2f054048e9a90b2222e3b22b262b563c 19608 libwebpmux3_0.6.1-2ubuntu0.18.04.1_amd64.deb 30527f315e1c209267ecde7c463734ff84f5007b 235656 webp-dbgsym_0.6.1-2ubuntu0.18.04.1_amd64.ddeb ae087c075c2ff22635b2e15c9a6009d659672a72 78512 webp_0.6.1-2ubuntu0.18.04.1_amd64.deb Checksums-Sha256: a1e11af3713e5edb8ba2b5380eb289bd63d302c0be9a752e2020808b3f6e1650 267552 libwebp-dev_0.6.1-2ubuntu0.18.04.1_amd64.deb 88e83717d76a13a4f648163f73c26583440d2cab284d10ad50ff99b2bcb75baf 882944 libwebp6-dbgsym_0.6.1-2ubuntu0.18.04.1_amd64.ddeb a4c5a1dd6947ce28715f1dee2051d6294f4856a2c05bdb2a08c72dd38231e3dd 186300 libwebp6_0.6.1-2ubuntu0.18.04.1_amd64.deb 4daf7fc3fc654b891b84346cffbf288c13d0d5212ec6f97a4393af4948638c6c 11287 libwebp_0.6.1-2ubuntu0.18.04.1_amd64.buildinfo 8e9e2193459fbddde4b84625be61793ae85ab8eedbe6c64904aa0c25fff03fed 27648 libwebpdemux2-dbgsym_0.6.1-2ubuntu0.18.04.1_amd64.ddeb 6af7011b4ed9cb0f82d43011941e80ba55b514e0333667353749fc107b450089 9476 libwebpdemux2_0.6.1-2ubuntu0.18.04.1_amd64.deb 84a5032c0351b54eac218e6e11d063610e9415146213058a8d79928055a565c4 62436 libwebpmux3-dbgsym_0.6.1-2ubuntu0.18.04.1_amd64.ddeb 18942a449e9f5467a02a9a3b83d956d5f0938115034a5f98247bfed976ba5d89 19608 libwebpmux3_0.6.1-2ubuntu0.18.04.1_amd64.deb 7ab555b39bd9699fc51bdfbd7fad5e62363cb3240e908d55f280dd489396b9a5 235656 webp-dbgsym_0.6.1-2ubuntu0.18.04.1_amd64.ddeb ce367f2ee6c001d1b071970de724ebb2f0298b4499cea4e99bc4289ce40f9a51 78512 webp_0.6.1-2ubuntu0.18.04.1_amd64.deb Files: cefceef13dfe2ef827459d433751cd4f 267552 libdevel optional libwebp-dev_0.6.1-2ubuntu0.18.04.1_amd64.deb a4e39502b319a121e57861da388f7219 882944 debug optional libwebp6-dbgsym_0.6.1-2ubuntu0.18.04.1_amd64.ddeb a69fdc02f22025bff46692fadfa061b5 186300 libs optional libwebp6_0.6.1-2ubuntu0.18.04.1_amd64.deb da0b7032b54ae357dead51a7fe13ae46 11287 libs optional libwebp_0.6.1-2ubuntu0.18.04.1_amd64.buildinfo 97c2fbd24a8e62914e3d4a6280292b4a 27648 debug optional libwebpdemux2-dbgsym_0.6.1-2ubuntu0.18.04.1_amd64.ddeb 8c02f8e19c9e4e03776e484ccfee5452 9476 libs optional libwebpdemux2_0.6.1-2ubuntu0.18.04.1_amd64.deb af086381f107833500fc3abfeff38203 62436 debug optional libwebpmux3-dbgsym_0.6.1-2ubuntu0.18.04.1_amd64.ddeb ec83b344698d0f7bfecf24f21a5c84da 19608 libs optional libwebpmux3_0.6.1-2ubuntu0.18.04.1_amd64.deb bee8846eab6fef07e18e14fd4aae8335 235656 debug optional webp-dbgsym_0.6.1-2ubuntu0.18.04.1_amd64.ddeb b0dc1255d30833d55199f27ce6d2a2fe 78512 graphics optional webp_0.6.1-2ubuntu0.18.04.1_amd64.deb Original-Maintainer: Jeff Breidenbach