Publishing details

Changelog

jbig2dec (0.12+20150918-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: integer overflow in jbig2_image_new
    - debian/patches/CVE-2016-9601-pre.patch: prevent checking too early in
      jbig2.c.
    - debian/patches/CVE-2016-9601-1.patch: fix signed/unsigned warnings in
      jbig2.c, jbig2.h, jbig2_generic.c, jbig2_halftone.c, jbig2_huffman.c,
      jbig2_huffman.h, jbig2_image.c, jbig2_mmr.c, jbig2_page.c,
      jbig2_priv.h, jbig2_segment.c, jbig2_symbol_dict.c,
      jbig2_symbol_dict.h, jbig2_text.c, jbig2_text.h.
    - debian/patches/CVE-2016-9601-2.patch: fix warnings in jbig2_image.c,
      jbig2_mmr.c, jbig2_symbol_dict.c.
    - CVE-2016-9601
  * SECURITY UPDATE: integer overflow in big2_decode_symbol_dict
    - debian/patches/CVE-2017-7885.patch: add extra check to
      jbig2_symbol_dict.c.
    - CVE-2017-7885
  * SECURITY UPDATE: integer overflow in jbig2_build_huffman_table
    - debian/patches/CVE-2017-7975.patch: use uint32_t in jbig2_huffman.c.
    - CVE-2017-7975
  * SECURITY UPDATE: integer overflow in jbig2_image_compose
    - debian/patches/CVE-2017-7976.patch: add bounds check to
      jbig2_image.c.
    - CVE-2017-7976

 -- Marc Deslauriers <email address hidden>  Fri, 19 May 2017 08:26:25 -0400

Available diffs

Builds

Built packages

Package files