[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2796-1] jbig2dec security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2796-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
October 29, 2021                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : jbig2dec
Version        : 0.13-4.1+deb9u1
CVE ID         : CVE-2017-9216 CVE-2020-12268


Two issues have been found in jbig2dec, a JBIG2 decoder library.
One issue is related to an overflow with a crafted image file. The other is related to a NULL pointer dereference.


For Debian 9 stretch, these problems have been fixed in version
0.13-4.1+deb9u1.

We recommend that you upgrade your jbig2dec packages.

For the detailed security status of jbig2dec please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/jbig2dec

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmF7MTJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEc+rRAAq1itaE5H9sgC5wyyN5xN9ZKG0kzyEPvXs0tLtYitmhR/3p7WoQL5rbkA
kd82fFFuIhMFTsGfpYz7HwF0bNwxdiEUq5B60o2/WX7ZKgQ7M4fsRd8coWwApPF5
NmL8n2fVcUqLBrW/ABcMVLQ02rLebfLAmerh7h20Ibj7fHwSYUHQ28RJtS/hR6NC
eysoXLv9Eo5BZe8O6OkvJeKRh34VUAxUA6QCo2JHFZ5dU66rZr9/6IWO9SnnoJ2A
WRoVKCLKu7o064vJOoVrdLYXy2Ys8kk5xzHL/DP+agWVjks7BdD+2XvMO9V6bgYl
W/cvFtxzTtwFOZ4InTjpAMY8M002A+BxGxeBWjyt5KzMTXaJ1qRfpS5ZzSZSq6Bh
0J3vF7TnExHBTjxIHK8DsGJLkxmwa13nxsfXArUR0oPrYqcVIxJujEqif6RwKIaY
Y3DdVhxAAP+rtPEVUhCezecYwAUpdqBeNHCfaTghkz1GrL480G7OsSZB18iqcBEu
dNwLkxGj3z//cq7I1MXzk0daPXbATdKD9/bSOmZa00uT1SFbGmpJbgr6Z96NxB9w
0geT0nhpoOXrtpvcnYtVApCAjx7xB5YanKlkWbpqb0f7uJeBu1ayMbv9kKUnoJg3
TfxJrCI0J6/R3ozGfBoHIbwlbl6/1fLKtT6KvAyPEETsFiWYHbY=
=Kg9G
-----END PGP SIGNATURE-----


Reply to: