Univention Bugzilla – Bug 53547
djvulibre: Multiple issues (4.4)
Last modified: 2021-07-07 16:34:11 CEST
New Debian djvulibre 3.5.27.1-7+deb9u2 fixes: This update addresses the following issue: * An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28. (CVE-2021-3630)
--- mirror/ftp/4.4/unmaintained/component/4.4-8-errata/source/djvulibre_3.5.27.1-7+deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/djvulibre_3.5.27.1-7+deb9u2.dsc @@ -1,3 +1,8 @@ +3.5.27.1-7+deb9u2 [Sat, 03 Jul 2021 18:48:45 +0530] Utkarsh Gupta <utkarsh.gupta@canonical.com>: + + * Non-maintainer upload by the LTS team. + * Add patch to fix OOB write. (Fixes: CVE-2021-3630) + 3.5.27.1-7+deb9u1 [Tue, 25 May 2021 18:02:31 +0200] Sylvain Beucler <beuc@debian.org>: * Non-maintainer upload by the LTS Security Team. <http://piuparts.knut.univention.de/4.4-8/#517060050371222280>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-8] c80763157c Bug #53547: djvulibre 3.5.27.1-7+deb9u2 doc/errata/staging/djvulibre.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1002>