Accepted jbig2dec 0.13-4~deb7u2 (source amd64) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 15 May 2017 19:39:04 +0200
Source: jbig2dec
Binary: libjbig2dec0-dev libjbig2dec0 jbig2dec
Architecture: source amd64
Version: 0.13-4~deb7u2
Distribution: wheezy-security
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
jbig2dec - JBIG2 decoder library - tools
libjbig2dec0 - JBIG2 decoder library - shared libraries
libjbig2dec0-dev - JBIG2 decoder library - development files
Changes:
jbig2dec (0.13-4~deb7u2) wheezy-security; urgency=medium
.
* Non-maintainer upload by the Debian LTS Team.
* CVE-2017-7885
Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to
denial of service (application crash) or disclosure of sensitive
information from process memory, because of an integer overflow
in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c
in libjbig2dec.a during operation on a crafted .jb2 file.
* CVE-2017-7975
Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds
writes because of an integer overflow in the jbig2_build_huffman_table
function in jbig2_huffman.c during operations on a crafted JBIG2 file,
leading to a denial of service (application crash) or possibly
execution of arbitrary code.
* CVE-2017-7976
Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because
of an integer overflow in the jbig2_image_compose function in
jbig2_image.c during operations on a crafted .jb2 file, leading
to a denial of service (application crash) or disclosure of
sensitive information from process memory.
Checksums-Sha1:
142f95b83e0e215689f8704e3ceec982ca9634b8 2264 jbig2dec_0.13-4~deb7u2.dsc
72664deddb5f1844323dd133d7d1d2bbdf2f92e7 122387 jbig2dec_0.13.orig.tar.gz
accefa5e52920f77e61b017d7311bb36780588f0 30001 jbig2dec_0.13-4~deb7u2.debian.tar.gz
58401d2152acfc136e0c68c12ffc88b3f15f3d79 73460 libjbig2dec0-dev_0.13-4~deb7u2_amd64.deb
99355f7f479b76f7de0ad840a0b410c7caf5eb1c 68376 libjbig2dec0_0.13-4~deb7u2_amd64.deb
1cebac749e4e826f0a774ab701d6c41c8f5844d0 33536 jbig2dec_0.13-4~deb7u2_amd64.deb
Checksums-Sha256:
166695945da52dfa30d5a9af601adc30496643dfd987c8f9f8a8b06dd91ad357 2264 jbig2dec_0.13-4~deb7u2.dsc
c8b13b78d4bfd85df088943370cf93768e19c6f5dfe74178d7088e54b6db4ffb 122387 jbig2dec_0.13.orig.tar.gz
55536274ad53f72e4eedcd7153cbc90180f8ef408c6b223db27737f6505e1c04 30001 jbig2dec_0.13-4~deb7u2.debian.tar.gz
351df87f49caa488484f8a41fb55119d5c93c634742b2b5e6c6f6868e54264b8 73460 libjbig2dec0-dev_0.13-4~deb7u2_amd64.deb
fec18cfd5c9c8e4279f4f3385c26eeccf71bea9c9a3ef850aef5bf1564b4bc6e 68376 libjbig2dec0_0.13-4~deb7u2_amd64.deb
6fd794899f55807bf1d83512e2f618e32a72b56248c5752e0dc2c0cb3be5fbb3 33536 jbig2dec_0.13-4~deb7u2_amd64.deb
Files:
e80da1443b85e177c49fdc0b17d165e7 2264 libs optional jbig2dec_0.13-4~deb7u2.dsc
ae405891a2913c3c3d15892831de24c6 122387 libs optional jbig2dec_0.13.orig.tar.gz
3934c7d79ad3906e651c086a6aacdae5 30001 libs optional jbig2dec_0.13-4~deb7u2.debian.tar.gz
aaf95fb33a181a008da1339cbab827c9 73460 libdevel optional libjbig2dec0-dev_0.13-4~deb7u2_amd64.deb
8922c3dda7b0b9c738b67fb7ba21a762 68376 libs optional libjbig2dec0_0.13-4~deb7u2_amd64.deb
e5fd69853fe923931f6aa8e11283a43a 33536 graphics optional jbig2dec_0.13-4~deb7u2_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlkZ7iBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR8WoD/4siWfeN/26168WbZsl1bK0Kcn96ZYY
vySHv4ZzDFYio+KtRo4/bovzjgd8YOdnNriJ9uVUdZO1uhANYY2/pqvhiEXwW0tb
kgCISAasgOT9L2er87tvcwyR5NZo7+L8LSv6GfodOAebKqxw/sWejCVgu8pwgpB8
qaRO4mEhRd32U76ESCDAG1tXLRSB0Ht1Lf/PPl4CzY/mamfRmfbO3FWspfvROXcY
PyiYV3a8q9SPfViHKlaayB5+DcSVBBAWIkb+G1e/J40Er7qYwsA3Nii1Af189W+a
i4gJtuNH2biQodeh6g8HQ5Myl74kuJ4MUqmBLAZgHmBfWWB5jcLCMQL9eyfxHUku
ulhrqmR3Xdw2v9rzGyLBlzCDXQqzalpieDjuWYOPfDJXe8CetpPgveqV9TTh6Nls
GmsJBvJez24bFtl/zhcc+kyPw98+hsWODmftOqGM0bha8nujODSdLoHYjjo4VKv9
WoR1qPJuatGsZh8sy+Bcc2JXfh/AoAJRwXg48ALgCB3O6gWma0RUyh617rKuKhh+
k3z7k82JaPkjfP9LfS0FO3BdMPzvkbUZ8XfMXRb2Y+iDeRIe9LOiSQ8zs1Xqs2f8
9zbyKpecYp9hzAo/tK2e+etPqp8J0ENA4dNHVxzWbDdCKkmOsPdtgi8lxiFzqALo
58yTbTCO4zH2FQ==
=EQvf
-----END PGP SIGNATURE-----
Reply to: