Your message dated Mon, 28 Jul 2025 08:32:09 +0000
with message-id <[email protected]>
and subject line Bug#1052668: fixed in djvulibre 3.5.28-2.2~deb12u1
has caused the Debian Bug report #1052668,
regarding djvulibre: CVE-2021-46310
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1052668: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052668
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: djvulibre
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerability was published for djvulibre.
CVE-2021-46310[0]:
| An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows
| attackers to cause a denial of service via divide by zero.
https://sourceforge.net/p/djvu/bugs/345/
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-46310
https://www.cve.org/CVERecord?id=CVE-2021-46310
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: djvulibre
Source-Version: 3.5.28-2.2~deb12u1
Done: Adrian Bunk <[email protected]>
We believe that the bug you reported is fixed in the latest version of
djvulibre, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adrian Bunk <[email protected]> (supplier of updated djvulibre package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 21 Jul 2025 13:42:26 +0300
Source: djvulibre
Architecture: source
Version: 3.5.28-2.2~deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Barak A. Pearlmutter <[email protected]>
Changed-By: Adrian Bunk <[email protected]>
Closes: 1052668 1052669
Changes:
djvulibre (3.5.28-2.2~deb12u1) bookworm; urgency=medium
.
* Non-maintainer upload.
* Rebuild for bookworm.
.
djvulibre (3.5.28-2.2) unstable; urgency=medium
.
* Non-maintainer upload.
* CVE-2021-46310: Divide by zero in IW44Image::Map::image()
(Closes: #1052668)
* CVE-2021-46312: Divide by zero in IWBitmap::Encode::init()
(Closes: #1052669)
Checksums-Sha1:
70da3e1f83ee75d9aec7a61190c4fdd9a70b1c5d 2407 djvulibre_3.5.28-2.2~deb12u1.dsc
1846a9e3d84e0174ecda6c4bf2dfe11fb86ea487 2959024 djvulibre_3.5.28.orig.tar.xz
823a0f9b306f5bcdb8ec94c1073a102debdca015 18368
djvulibre_3.5.28-2.2~deb12u1.debian.tar.xz
Checksums-Sha256:
379a5063097f1928b3755aab5c0105a6e1cdb111f06c50bce417f814971f9bcb 2407
djvulibre_3.5.28-2.2~deb12u1.dsc
1223b7bf7c8dfe2e290882f3bfb88ba2468b30495a1bf8dfd54dc7e810987887 2959024
djvulibre_3.5.28.orig.tar.xz
30af2c973ba7aaf988dbf9c5c342af7baba1662accb4373658e841ff924545c8 18368
djvulibre_3.5.28-2.2~deb12u1.debian.tar.xz
Files:
ea1b54bf3969bf07d130577fe766d84d 2407 libs optional
djvulibre_3.5.28-2.2~deb12u1.dsc
2f72e25ecf571449aecc468fcfe4fb60 2959024 libs optional
djvulibre_3.5.28.orig.tar.xz
7e85ec11579a69c986a324c065015c77 18368 libs optional
djvulibre_3.5.28-2.2~deb12u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmiFNZAACgkQiNJCh6LY
mLGPMg/+K+VzWNNx1XGN98QrVCHyVIwxi1cyDGyrOeYUj1w8qfQAXBMCq2U6wQ1y
SydCBnzDN6NM9SiJSA1I2ONlORyJYp1jG0ZQ5lkcY6l7gPBy3aq/MTevAav7XW0q
B3NjiCCt9stcAAtHB213KGMdB1V5/1mE1d0Cd1ayFRYBTPk+nQayxusdb4Qzhdhv
PdPnl6XaO3FMDNW5bZ2jLaJg9U/ZC24WRmThHDLtbHoTIUN6qLR8Xr1Ryl2GJ73X
I1NzG5QkHBCOYAaEuVchUK3CVj6D4zmJMc7585RFDdJJay7jIW5q55Rm71dEvjFG
c+/xQSUC19qCsyectHvDfcS9/FV+23XqY7LsmyArEJiGxYvIS54zIiPI+Qw6gBCa
2CdN8NnICAsG/6sISgb9UWsZysywCVZM+gQbtS04eP0a2CZEWAkgRUJEhFAtiyKm
+ZQUQe7l0GDzeqirwqlLS0jTGWfVr3HACXO1GncnZDh1xaDcpGjSYBQmkH3uBCQj
MAFJ7l5wjuwKBTFNwna+I/+QSZ6KMpSlgS4xxFxhVWQmF2qiJPbenVCMJPYBRSYt
skY3Cdso48DPxSxs5pZBfC1ArqEaOP6bliI7r3nD81R3q9ij3iOYvpClcp5pd+ji
QTotDxJm+ti29tyLpWQ+Fpnp1wjWxJ9EUnezMRSeENvEwldlqcE=
=+MGA
-----END PGP SIGNATURE-----
pgpUv6Uz9A0v3.pgp
Description: PGP signature
--- End Message ---
