Accepted jbig2dec 0.13-5 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 23 Sep 2017 13:27:40 +0200
Source: jbig2dec
Binary: libjbig2dec0-dev libjbig2dec0 jbig2dec
Architecture: source
Version: 0.13-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Jonas Smedegaard <dr@jones.dk>
Description:
jbig2dec - JBIG2 decoder library - tools
libjbig2dec0 - JBIG2 decoder library - shared libraries
libjbig2dec0-dev - JBIG2 decoder library - development files
Closes: 863279
Changes:
 jbig2dec (0.13-5) unstable; urgency=medium
 .
   * Add DEP-3 header to patch 1001.
   * Advertise DEP-3 format in patch headers.
   * Add patches cherry-picked upstream:
     + Fix decoder error on JBIG2 compressed image.
     + Tidy up unused code.
     + Add sanity check on image sizes.
     + refine test for "Denial of Service" images
     + Prevent SEGV due to integer overflow.
     + Prevent integer overflow vulnerability.
     + Bounds check before reading from image source data.
     + Plug leak of parameter info in command-line tool.
     + Fix memory leak in case of error.
     + Make clipping in image compositing handle underflow.
     + Fix double free in error case.
     + Do bounds checking of read data.
     + Do not grow page if page height is known.
     + Fix SEGV due to error code being ignored.
       Closes: Bug#863279; CVE-2017-9216. Thanks to Salvatore Bonaccorso.
     + Allow for symbol dictionary with 0 symbols.
   * Update watch file: Use substitution strings.
   * Stop put aside auto-generated header file during build: No longer
     shipped upstream.
   * Modernize cdbs:
     + Do copyright-check in maintainer script (not during build).
     + Relax to build-depend unversioned on cdbs.
     + Stop build-depend on licensecheck.
   * Declare compliance with Debian Policy 4.1.0.
   * Update copyright info:
     + Use https protocol in file format URL.
     + Fix rename License section AGPL-3 → AGPL-3+.
   * Tighten lintian overrides regarding License-Reference.
Checksums-Sha1:
8f0414d51a1be00bee0b3f1ae9545ffe9b8046c6 2100 jbig2dec_0.13-5.dsc
1cf4a0a0b28f5e6ffe0dd9e3cdfa621c7217aec5 30788 jbig2dec_0.13-5.debian.tar.xz
d1173e06582c8139ee22851a0abfc10f4ad026a0 7204 jbig2dec_0.13-5_amd64.buildinfo
Checksums-Sha256:
9450b10caa782fdc02b2cf1f7f136ce1c25fbe48790445de82ac6ed62fd991dd 2100 jbig2dec_0.13-5.dsc
d7c25acd31b24fedc4c8de2cf8a5c6d5acc00e99d78c027da2fa74f23ef246ec 30788 jbig2dec_0.13-5.debian.tar.xz
fb150e72ae2ebe05fab4c1dfe12e98c50801d80c8ae63ee0e4829ba6bc60a8aa 7204 jbig2dec_0.13-5_amd64.buildinfo
Files:
5d719be385cc20ff3c41b04fb87bc4d6 2100 libs optional jbig2dec_0.13-5.dsc
42f4012e11a09a077a6816517028c41c 30788 libs optional jbig2dec_0.13-5.debian.tar.xz
f845153ec6002f7aea50b83563f2371e 7204 libs optional jbig2dec_0.13-5_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----