[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted libwebp 0.5.2-1+deb9u1 (source) into oldstable

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 05 Jun 2021 17:46:10 +0200
Source: libwebp
Architecture: source
Version: 0.5.2-1+deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Jeff Breidenbach <jab@debian.org>
Changed-By: Anton Gladky <gladk@debian.org>
Changes:
 libwebp (0.5.2-1+deb9u1) stretch-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Security Team.
   * Fix read-overflow while parsing VP8X chunk.
     CVE-2018-25009
   * Fix alpha-filtering crash when image width is larger than radius.
     CVE-2018-25010
   * muxread,anmf: fail on multiple image chunks.
     CVE-2018-25011
   * Fix VP8IoTeardownHook being called twice on worker sync failure.
     CVE-2018-25012
   * Fix out-of-bounds read in ShiftBytes.
     CVE-2018-25013, CVE-2018-25014
   * Fix invalid check for buffer size
     CVE-2020-36328
   * Fix thread race heap-use-after-free
     CVE-2020-36329
   * Fix heap-buffer-overflow in ChunkVerifyAndAssign.
     CVE-2020-36330
   * Validate chunk_size muxread.
     CVE-2020-36331
Checksums-Sha1:
 584f006243af7e456237e936c9a08348ff58790a 2107 libwebp_0.5.2-1+deb9u1.dsc
 c3adfa47f96a3909fb05e41636fdcbe3826edfbd 1221153 libwebp_0.5.2.orig.tar.gz
 5efc1236cd141a3a90a56ac53d4d21a56ed5f120 9336 libwebp_0.5.2-1+deb9u1.debian.tar.xz
 925dad164a91d37fac1a701469ab6e2bec42682f 8461 libwebp_0.5.2-1+deb9u1_source.buildinfo
Checksums-Sha256:
 34b83208758d4412af3ff2730da90c4ddb1d16c44cf1dcfb7cbde58589bc86fe 2107 libwebp_0.5.2-1+deb9u1.dsc
 b75310c810b3eda222c77f6d6c26b061240e3d9060095de44b2c1bae291ecdef 1221153 libwebp_0.5.2.orig.tar.gz
 7161d360ffae7b3a32fa47d8e4a957daf4781595a49f3974811cde10040b7fb9 9336 libwebp_0.5.2-1+deb9u1.debian.tar.xz
 24e1216e2f246130d90b4bd5d1ed3c88762717a1703e1b1c32a56736039f7b70 8461 libwebp_0.5.2-1+deb9u1_source.buildinfo
Files:
 4fce4d70b8bad2a754842d004b99f537 2107 libs optional libwebp_0.5.2-1+deb9u1.dsc
 6f36b38c2483b32906f946a621eb0c2e 1221153 libs optional libwebp_0.5.2.orig.tar.gz
 825f103972ecfff15648160b8077ca5d 9336 libs optional libwebp_0.5.2-1+deb9u1.debian.tar.xz
 9724e7f28032bfda8c1978fd9921a1b0 8461 libs optional libwebp_0.5.2-1+deb9u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmC7nGAACgkQ0+Fzg8+n
/wZ+txAAhZRHCU9Bt2Pr6c3TpmRApnevCX/6ulU6kKPGhIO80gooT1jXC7i27nl6
T/waY/87BUzP+zxWcqU+ZNUNlcM53zpRIiwcQo2ZewN/28vDhLNQBRoAEASZ1xIh
47LHWB6T/0tSFWXIolmVxarz/jkWBmnbOz5YkhDn7/3PPeFxnaFgUQchdDnYxesu
dmcITcpjieZoIGwz1+pyFL0l8nuQD4c5jLyeDvk33cPZ7TYIjVlsnedB3lX0WdSb
iRRyS0nkGqe4Q5XTwLYp3O4ASRtkG5LCIG5V6RmG62ck+RmWCBFJo/MCpbmHUi/w
ckBf4JYVMLx9WFp377wmQ8VDuGMy0B47veW6XivMohdPpbMzDgAKa5vuF010E2t7
HKKv+KQ66DLb0khw+RD6uv611VvS6CKvOf7uFWxW0uLpSHpAH2dgOPLecpQ5r0r2
Ef79ZYk3Jpp2JDecxkZG+rrbp124xZ6Y782ZNnnisZsEiWQ4/cdoxIBKpmMM0syv
etEKpt64bK0elxEED2SpSP0NZ//j56zpC9YsM7GMvpnB/zFT3iN0oNzXi1IHMsbI
F2WDene0o/C+z5xIeWWnChPbC6Zb9Bl3doNP6xnc9xUhS08cjufr186v+aZLeqCc
NoaoBLZp7vBls4dXNpXU6M1uPvp4NhiBqdpJZc/BUH4RhdCg1ho=
=l6Bc
-----END PGP SIGNATURE-----
Reply to: