Format: 1.8 Date: Thu, 20 May 2021 07:52:26 -0400 Source: libwebp Binary: libwebp-dev libwebp6 libwebpdemux2 libwebpmux3 webp Architecture: s390x Version: 0.6.1-2ubuntu0.20.04.1 Distribution: focal Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libwebp-dev - Lossy compression of digital photographic images. libwebp6 - Lossy compression of digital photographic images. libwebpdemux2 - Lossy compression of digital photographic images. libwebpmux3 - Lossy compression of digital photographic images. webp - Lossy compression of digital photographic images. Changes: libwebp (0.6.1-2ubuntu0.20.04.1) focal-security; urgency=medium . * SECURITY UPDATE: heap-based buffer overflow in GetLE16() and GetLE24() - debian/patches/CVE-2018-25009.patch: check data_size in src/mux/muxread.c. - CVE-2018-25009 - CVE-2018-25012 * SECURITY UPDATE: heap-based buffer overflow in ApplyFilter() - debian/patches/CVE-2018-25010.patch: limit the filter size in src/utils/quant_levels_dec_utils.c. - CVE-2018-25010 * SECURITY UPDATE: heap-based buffer overflow in PutLE16() - debian/patches/CVE-2018-25011.patch: limit number of image chunks in src/mux/muxread.c. - CVE-2018-25011 * SECURITY UPDATE: heap-based buffer overflow in ShiftBytes() and in ReadSymbol() - debian/patches/CVE-2018-25013_4.patch: wait for all threads to be done in DecodeRemaining in src/dec/idec_dec.c. - CVE-2018-25013 - CVE-2018-25014 * SECURITY UPDATE: heap-based buffer overflow in WebPDecode*Into functions - debian/patches/CVE-2020-36328.patch: fix buffer size check in src/dec/buffer_dec.c. - CVE-2020-36328 * SECURITY UPDATE: use-after-free in EmitFancyRGB() - debian/patches/CVE-2020-36329.patch: fix thread race heap-use-after-free in src/dec/idec_dec.c. - CVE-2020-36329 * SECURITY UPDATE: heap-based buffer overflow in ChunkVerifyAndAssign() - debian/patches/CVE-2020-36330.patch: fix riff size checks in src/mux/muxread.c. - CVE-2020-36330 * SECURITY UPDATE: heap-based buffer overflow in ChunkAssignData() - debian/patches/CVE-2020-36331.patch: validate chunk_size in src/mux/muxi.h, src/mux/muxread.c. - CVE-2020-36331 * SECURITY UPDATE: extreme memory allocation when reading a file - debian/patches/CVE-2020-36332-pre1.patch: limit memory allocation when reading invalid Huffman codes in src/dec/vp8l_dec.c. - debian/patches/CVE-2020-36332.patch: better handling of bogus Huffman codes in src/dec/vp8l_dec.c. - CVE-2020-36332 Checksums-Sha1: 2b7c7e87b83d195679163d93209e1bf42fa6ff39 221528 libwebp-dev_0.6.1-2ubuntu0.20.04.1_s390x.deb 9be7954e0899834509b97ffc248434254c4dd6e1 783640 libwebp6-dbgsym_0.6.1-2ubuntu0.20.04.1_s390x.ddeb f1f831bad797d4215926d5bfcd63b3f3b8c55638 147536 libwebp6_0.6.1-2ubuntu0.20.04.1_s390x.deb 82d54aabd90b584f6323559f6413824886cd4666 10207 libwebp_0.6.1-2ubuntu0.20.04.1_s390x.buildinfo 4127cb04106b573b2b40c052bfc925cb224ff386 34080 libwebpdemux2-dbgsym_0.6.1-2ubuntu0.20.04.1_s390x.ddeb d8e911f1df70ffa15f6764b6aa238967ce2795ed 9064 libwebpdemux2_0.6.1-2ubuntu0.20.04.1_s390x.deb ed13e50a5f18d1f4a7b90132b08992c26c07a2cc 77248 libwebpmux3-dbgsym_0.6.1-2ubuntu0.20.04.1_s390x.ddeb 01d6fb23413b74f61d9edd2eb65896690e35e177 17860 libwebpmux3_0.6.1-2ubuntu0.20.04.1_s390x.deb e820798644c91487a72ff7288813e589ac3f1940 288780 webp-dbgsym_0.6.1-2ubuntu0.20.04.1_s390x.ddeb d73bf45a4fa0dd4a0c3e5e0c6b8ab78714fe6770 73760 webp_0.6.1-2ubuntu0.20.04.1_s390x.deb Checksums-Sha256: 60393eb315b7e43b4fc7f397dcc0c03385ef8b082a6c3671aafcbbbad2fa5d47 221528 libwebp-dev_0.6.1-2ubuntu0.20.04.1_s390x.deb 5f2771d4c48207f54a1355ed6179e66865c8081d0f016e7d8314fc0488c960ff 783640 libwebp6-dbgsym_0.6.1-2ubuntu0.20.04.1_s390x.ddeb d0efd48bca5aaf4bc146730241e11ae7bf1641200100fded1c1bb78ce0ffb43c 147536 libwebp6_0.6.1-2ubuntu0.20.04.1_s390x.deb a39df686bfcac026f99a995fcfa5a4f7abdee45494464fe3a8eb26ece68e0f62 10207 libwebp_0.6.1-2ubuntu0.20.04.1_s390x.buildinfo a61d2ae05cbeef78cea27b7857997c1de26a9d4fa0df4cdf33c7ca0075d1d75a 34080 libwebpdemux2-dbgsym_0.6.1-2ubuntu0.20.04.1_s390x.ddeb a42fa045c6861ddf200fb99c5331c618f19bf17a6e21a9007753bdab431b30ea 9064 libwebpdemux2_0.6.1-2ubuntu0.20.04.1_s390x.deb d6808583ffe0b815240c5aed085932e4b39a4bb2128733eb2b0b7d005c5cde08 77248 libwebpmux3-dbgsym_0.6.1-2ubuntu0.20.04.1_s390x.ddeb 6a1add765bb16ff5d062a9ad054121abc216961683a8477bc5a84270efd3a9ad 17860 libwebpmux3_0.6.1-2ubuntu0.20.04.1_s390x.deb 9ad8bc39f3dc3e501eb16344b01902223827a28ee8841efc73c9470dc1011a7f 288780 webp-dbgsym_0.6.1-2ubuntu0.20.04.1_s390x.ddeb 89101f932d2271573972be0c4bd6faf1bd4c30d39a95691119368b775528d06e 73760 webp_0.6.1-2ubuntu0.20.04.1_s390x.deb Files: 0bec26e4b9651fae33d2c81e800fa95e 221528 libdevel optional libwebp-dev_0.6.1-2ubuntu0.20.04.1_s390x.deb 580ffbb5ac15b32aa9098f0fc22d0b76 783640 debug optional libwebp6-dbgsym_0.6.1-2ubuntu0.20.04.1_s390x.ddeb 5f915cbc3a55fa1c309074721ce2028b 147536 libs optional libwebp6_0.6.1-2ubuntu0.20.04.1_s390x.deb d4452e625f5dc8b00b3daece638377b1 10207 libs optional libwebp_0.6.1-2ubuntu0.20.04.1_s390x.buildinfo 0b1a943a2fa1cb531f02bf5ad7e8cf9c 34080 debug optional libwebpdemux2-dbgsym_0.6.1-2ubuntu0.20.04.1_s390x.ddeb 067115b789d9c878f5febed49d4c809c 9064 libs optional libwebpdemux2_0.6.1-2ubuntu0.20.04.1_s390x.deb 73bbf4237133e92428b2ca3e043a6fa4 77248 debug optional libwebpmux3-dbgsym_0.6.1-2ubuntu0.20.04.1_s390x.ddeb 488699923b87bc91b6d42d907990e12b 17860 libs optional libwebpmux3_0.6.1-2ubuntu0.20.04.1_s390x.deb 8936a9f526d4888bcfa2c72f3b11daab 288780 debug optional webp-dbgsym_0.6.1-2ubuntu0.20.04.1_s390x.ddeb 0aec793a7def43e4f77f646157fab48d 73760 graphics optional webp_0.6.1-2ubuntu0.20.04.1_s390x.deb Original-Maintainer: Jeff Breidenbach