[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1902-1] djvulibre security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : djvulibre
Version        : 3.5.25.4-4+deb8u1
CVE ID         : CVE-2019-15142 CVE-2019-15143 CVE-2019-15144
                 CVE-2019-15145


Hongxu Chen found several issues in djvulibre, a library and set of tools
to handle images in the DjVu format.

The issues are a heap-buffer-overflow, a stack-overflow, an infinite loop
and an invalid read when working with crafted files as input.


For Debian 8 "Jessie", these problems have been fixed in version
3.5.25.4-4+deb8u1.

We recommend that you upgrade your djvulibre packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl1oNgZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdnfA/9HXOSLpDhDnRt6wzQuKx+3MM6pCz6CSTcr9OiCbPwFiVKELzBS4pnIrtV
RPvJrfW4BUA9Gu9IOn7BGITmqOya+5iX+p8BubqoiXugdSW1VWNvO0bMMnEgzMyJ
lINmikAK+3pO+O5TKK1RSeOSnAPnZQMpPNf9i0pCsSlaVSwO2pIC4DgcO54RyuBk
h+x4fP9bMReq31l8rPFuwEkqz4UNBPx/o/J5a0DikDLlpsaasMYEdREO5gLWDFHi
/tJbHWrqraf/9N9kqM9KAoQNsr6NH6ebxAcjMLphs4b4xwlKANfAoHLY++7+iR+c
c8CDtlWnFo8fQVOXB6PnT5KOEIIep7HJV3eESL4qs6F3nWtPObTVCy9fan+l0/5p
Vxh1kqEUGauiwfy0cP5D8YltPCi6c4fnu7SyrW6xGXSKr3EBkhHpLnwPvp0TIaMU
YBNuZtb9RhZiZlYEu0K8yIeiCcQxjo5J98FEEfj3YwWixpDjuYTIX84bSYB9TCwY
Bes+cgR522PxaV+d20zAWYMe9T1xmQ3O4gpwKuHwGUpY7w22NVK84M2bReqPpVty
OvPNJggpAJDQZC5nmJ82zVnHQr32UJOOXS9RZjTSDC25Y2UJXAv8wXvGCkECKchj
Cip9G4QS/6Yj86LpYP6Qa/3gJqs79aQLyTAZcmSMuBSRLXFj2uI=
=WOr0
-----END PGP SIGNATURE-----
Reply to: