[SECURITY] [DLA 2702-1] djvulibre security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -----------------------------------------------------------------------
Debian LTS Advisory DLA-2702-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Utkarsh Gupta
July 03, 2021 https://wiki.debian.org/LTS
- -----------------------------------------------------------------------
Package : djvulibre
Version : 3.5.27.1-7+deb9u2
CVE ID : CVE-2021-3630
An out-of-bounds write vulnerability was found in DjVuLibre in
DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file
which may lead to crash and segmentation fault.
For Debian 9 stretch, this problem has been fixed in version
3.5.27.1-7+deb9u2.
We recommend that you upgrade your djvulibre packages.
For the detailed security status of djvulibre please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/djvulibre
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmDgymAACgkQgj6WdgbD
S5ZZoBAA5lQ3qMy3UocDz+ViZ0/m7Z+Z4NHIJikpfzVngaa0RFkNe9u4F7CSNR57
Nz+QqdgxUJKID552l4SDU3KXjMSanlcQG/WO8cMeFPIX03fdVQgn6GNaIpMHCESA
eDWxAF3+UpXJR+vATMXHQYSXC/gsUWHBFDsVvEHsqogUpLewGM5tqbibkY3VZbV4
7j72iAHE2YN4BsbTxTEtPCo0NqxpOJro4jqTCMpHq7xmmo9jjAo1GYc2NVfSNDnJ
YUI6uWXraEPliwvun4ZD6N2HsbuvHJ/x9fPgqy/kSPO3BHgRutNG6XV4lCVhDNcw
ohrLQp0E5eHvyUjT2DJJmA9ToKDJqTwbBkCqPlPitjvg5YJ4PD5U61B/4cVWXyBg
P40FMz2t/tVyuU7Xy3UwJVoni+rmFVjuAmehKvAAoUkibwo4SLFmKGZfDDrcXiqJ
YykXlEnksEL2KGxL9O3ZoQEC/tAWwdOonQnHRfZTZXpDmO6uNJZLqmfPeducHqWe
4/WeDLBiTuRgy/H7BetLY6bxBuWGUMYjE2jc3ZeySJv8QyDnekGgL+9Fyoqz6lUY
qTbiUsw9FG0bZhm8+Me0xClYFocyCH13XAezvGngi+oibTa8Ee49PHAIQznHYpUa
sowIEy+HjJeP68HENvjirdI226ojcBOWIHWTRsDdt4KzVmlgtes=
=g+jg
-----END PGP SIGNATURE-----
Reply to: