Format: 1.8 Date: Thu, 20 May 2021 07:52:26 -0400 Source: libwebp Binary: libwebp-dev libwebp6 libwebpmux3 libwebpdemux2 webp Architecture: arm64 Version: 0.6.1-2ubuntu0.18.04.1 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libwebp-dev - Lossy compression of digital photographic images. libwebp6 - Lossy compression of digital photographic images. libwebpdemux2 - Lossy compression of digital photographic images. libwebpmux3 - Lossy compression of digital photographic images. webp - Lossy compression of digital photographic images. Changes: libwebp (0.6.1-2ubuntu0.18.04.1) bionic-security; urgency=medium . * SECURITY UPDATE: heap-based buffer overflow in GetLE16() and GetLE24() - debian/patches/CVE-2018-25009.patch: check data_size in src/mux/muxread.c. - CVE-2018-25009 - CVE-2018-25012 * SECURITY UPDATE: heap-based buffer overflow in ApplyFilter() - debian/patches/CVE-2018-25010.patch: limit the filter size in src/utils/quant_levels_dec_utils.c. - CVE-2018-25010 * SECURITY UPDATE: heap-based buffer overflow in PutLE16() - debian/patches/CVE-2018-25011.patch: limit number of image chunks in src/mux/muxread.c. - CVE-2018-25011 * SECURITY UPDATE: heap-based buffer overflow in ShiftBytes() and in ReadSymbol() - debian/patches/CVE-2018-25013_4.patch: wait for all threads to be done in DecodeRemaining in src/dec/idec_dec.c. - CVE-2018-25013 - CVE-2018-25014 * SECURITY UPDATE: heap-based buffer overflow in WebPDecode*Into functions - debian/patches/CVE-2020-36328.patch: fix buffer size check in src/dec/buffer_dec.c. - CVE-2020-36328 * SECURITY UPDATE: use-after-free in EmitFancyRGB() - debian/patches/CVE-2020-36329.patch: fix thread race heap-use-after-free in src/dec/idec_dec.c. - CVE-2020-36329 * SECURITY UPDATE: heap-based buffer overflow in ChunkVerifyAndAssign() - debian/patches/CVE-2020-36330.patch: fix riff size checks in src/mux/muxread.c. - CVE-2020-36330 * SECURITY UPDATE: heap-based buffer overflow in ChunkAssignData() - debian/patches/CVE-2020-36331.patch: validate chunk_size in src/mux/muxi.h, src/mux/muxread.c. - CVE-2020-36331 * SECURITY UPDATE: extreme memory allocation when reading a file - debian/patches/CVE-2020-36332-pre1.patch: limit memory allocation when reading invalid Huffman codes in src/dec/vp8l_dec.c. - debian/patches/CVE-2020-36332.patch: better handling of bogus Huffman codes in src/dec/vp8l_dec.c. - CVE-2020-36332 Checksums-Sha1: 5f7933654a069d7e3311406ee1e1d712a13c7e32 262476 libwebp-dev_0.6.1-2ubuntu0.18.04.1_arm64.deb 5f1097aadc7e2a4f6a48084b09a0ecf857e58d0a 717844 libwebp6-dbgsym_0.6.1-2ubuntu0.18.04.1_arm64.ddeb 3a3f313871cfdc5578b4f7d83eba2e43f394c13a 156712 libwebp6_0.6.1-2ubuntu0.18.04.1_arm64.deb b5e5a04c2232be743e4bf532fe1d5fff89a591b3 11241 libwebp_0.6.1-2ubuntu0.18.04.1_arm64.buildinfo 363548aed2d3a6b1641e35ef42d64b02208c3a06 27532 libwebpdemux2-dbgsym_0.6.1-2ubuntu0.18.04.1_arm64.ddeb 04cf73a2ac4f5f7ff81e2e36a1c6d5d53231320f 8864 libwebpdemux2_0.6.1-2ubuntu0.18.04.1_arm64.deb 9947c65ef3938055ee083f6ebb5f0f1cfb4169a0 63712 libwebpmux3-dbgsym_0.6.1-2ubuntu0.18.04.1_arm64.ddeb 0f6c041290dfa6cc00682fd55d85fdc148017e79 17300 libwebpmux3_0.6.1-2ubuntu0.18.04.1_arm64.deb 1c4626548f5f9466b14b951b03237581ea8fc7eb 247152 webp-dbgsym_0.6.1-2ubuntu0.18.04.1_arm64.ddeb 8f8c230b6e69b156dffc795a51642f4314b22b33 75736 webp_0.6.1-2ubuntu0.18.04.1_arm64.deb Checksums-Sha256: 5e096143445df59f32ec7fe0c093f7173447604076d5cbc2781fc6702d662953 262476 libwebp-dev_0.6.1-2ubuntu0.18.04.1_arm64.deb f8532c4d8ba2770f0d6ede1b647ab9b98d310871615fa1c5790521b2398f7d62 717844 libwebp6-dbgsym_0.6.1-2ubuntu0.18.04.1_arm64.ddeb f2f49c08ef8fd2f121e7a9264afc66c556122d729ab234058b9e12fa21b48269 156712 libwebp6_0.6.1-2ubuntu0.18.04.1_arm64.deb 2ae5d7de9dabf70b7e5c6a16381fb70ae367e9d0ea6826551b422a333ab23bd3 11241 libwebp_0.6.1-2ubuntu0.18.04.1_arm64.buildinfo 421c21725cef975366ead48f08b27fd1979a15d7580998c6f5e98feeff208f21 27532 libwebpdemux2-dbgsym_0.6.1-2ubuntu0.18.04.1_arm64.ddeb 1a5ed8c8c36683b4f1cbe5cb0f9a0526ee066cc3fb506851f32dacf0f7c3c7dd 8864 libwebpdemux2_0.6.1-2ubuntu0.18.04.1_arm64.deb 4d280698f95b80c1107c59736808dc701f579c9bc26d2af13289d9f519c75331 63712 libwebpmux3-dbgsym_0.6.1-2ubuntu0.18.04.1_arm64.ddeb b8ad4bc5b8deb78cc7df43751433ae8a93d411951751a728a9d2b388e371ba11 17300 libwebpmux3_0.6.1-2ubuntu0.18.04.1_arm64.deb dc387afec984dd8161081084605ab90c9854e035ad062c44803817a74cb8de50 247152 webp-dbgsym_0.6.1-2ubuntu0.18.04.1_arm64.ddeb af875cbb0ba7b10492ed69aeb295707e1b1b56e24e4ed4f4f6a1191c1ce692ba 75736 webp_0.6.1-2ubuntu0.18.04.1_arm64.deb Files: c8c84809142f7fdeeaa0768c9610b331 262476 libdevel optional libwebp-dev_0.6.1-2ubuntu0.18.04.1_arm64.deb 6e72b0afeb252fb7179a6f8eed2f9d2f 717844 debug optional libwebp6-dbgsym_0.6.1-2ubuntu0.18.04.1_arm64.ddeb cb5f70ff72f7a45dbcd03e8bf9fec7f1 156712 libs optional libwebp6_0.6.1-2ubuntu0.18.04.1_arm64.deb 01581f16a095e8b45f3ad7ac544a611d 11241 libs optional libwebp_0.6.1-2ubuntu0.18.04.1_arm64.buildinfo bf73f46b5b959cf96a28583f207e9f6d 27532 debug optional libwebpdemux2-dbgsym_0.6.1-2ubuntu0.18.04.1_arm64.ddeb 29225323559cafd8db65bdf6327dc243 8864 libs optional libwebpdemux2_0.6.1-2ubuntu0.18.04.1_arm64.deb f626b5c9b5546dd68f67e34757237d61 63712 debug optional libwebpmux3-dbgsym_0.6.1-2ubuntu0.18.04.1_arm64.ddeb ead0d2bf865e9a374ba1b2df039a5306 17300 libs optional libwebpmux3_0.6.1-2ubuntu0.18.04.1_arm64.deb f5c05ab0ac06330776352052615ac2e3 247152 debug optional webp-dbgsym_0.6.1-2ubuntu0.18.04.1_arm64.ddeb 8c20a6041897f61239b66ef645bf4077 75736 graphics optional webp_0.6.1-2ubuntu0.18.04.1_arm64.deb Original-Maintainer: Jeff Breidenbach