[ubuntu/xenial-security] djvulibre 3.5.27.1-5ubuntu0.1 (Accepted)

Marc Deslauriers Thu, 21 Nov 2019 11:25:14 -0800

djvulibre (3.5.27.1-5ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overread
    - debian/patches/CVE-2019-15142-pre1.patch: fix lengths in
      libdjvu/DjVmDir.cpp, libdjvu/miniexp.cpp, tools/csepdjvu.cpp.
    - debian/patches/CVE-2019-15142.patch: add checks to
      libdjvu/DjVmDir.cpp.
    - CVE-2019-15142
  * SECURITY UPDATE: infinite loop in bitmap reader
    - debian/patches/CVE-2019-15143.patch: check return code in
      libdjvu/GBitmap.cpp, libdjvu/DjVmDir.cpp.
    - CVE-2019-15143
  * SECURITY UPDATE: uncontrolled recursion in sorting
    - debian/patches/CVE-2019-15144.patch: fix logic in
      libdjvu/GContainer.h.
    - CVE-2019-15144
  * SECURITY UPDATE: out of bounds read
    - debian/patches/CVE-2019-15145.patch: check bytes in
      libdjvu/GBitmap.h.
    - CVE-2019-15145
  * SECURITY UPDATE: NULL pointer dereference in DJVU::filter_fv
    - debian/patches/CVE-2019-18804.patch: add extra checks to
      libdjvu/IW44EncodeCodec.cpp, tools/ddjvu.cpp.
    - CVE-2019-18804


Date: 2019-11-20 16:29:21.382058+00:00
Changed-By: Marc Deslauriers <[email protected]>
https://launchpad.net/ubuntu/+source/djvulibre/3.5.27.1-5ubuntu0.1

Sorry, changesfile not available.

-- 
Xenial-changes mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-security] djvulibre 3.5.27.1-5ubuntu0.1 (Accepted)

Reply via email to