jbig2dec (0.13-5) unstable; urgency=medium

  * Add DEP-3 header to patch 1001.
  * Advertise DEP-3 format in patch headers.
  * Add patches cherry-picked upstream:
    + Fix decoder error on JBIG2 compressed image.
    + Tidy up unused code.
    + Add sanity check on image sizes.
    + refine test for "Denial of Service" images
    + Prevent SEGV due to integer overflow.
    + Prevent integer overflow vulnerability.
    + Bounds check before reading from image source data.
    + Plug leak of parameter info in command-line tool.
    + Fix memory leak in case of error.
    + Make clipping in image compositing handle underflow.
    + Fix double free in error case.
    + Do bounds checking of read data.
    + Do not grow page if page height is known.
    + Fix SEGV due to error code being ignored.
      Closes: Bug#863279; CVE-2017-9216. Thanks to Salvatore Bonaccorso.
    + Allow for symbol dictionary with 0 symbols.
  * Update watch file: Use substitution strings.
  * Stop put aside auto-generated header file during build: No longer
    shipped upstream.
  * Modernize cdbs:
    + Do copyright-check in maintainer script (not during build).
    + Relax to build-depend unversioned on cdbs.
    + Stop build-depend on licensecheck.
  * Declare compliance with Debian Policy 4.1.0.
  * Update copyright info:
    + Use https protocol in file format URL.
    + Fix rename License section AGPL-3 → AGPL-3+.
  * Tighten lintian overrides regarding License-Reference.

 -- Jonas Smedegaard <email address hidden>  Sat, 23 Sep 2017 13:27:40 +0200