jbig2dec (0.12+20150918-1ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: integer overflow in jbig2_image_new
- debian/patches/CVE-2016-9601-pre.patch: prevent checking too early in
jbig2.c.
- debian/patches/CVE-2016-9601-1.patch: fix signed/unsigned warnings in
jbig2.c, jbig2.h, jbig2_generic.c, jbig2_halftone.c, jbig2_huffman.c,
jbig2_huffman.h, jbig2_image.c, jbig2_mmr.c, jbig2_page.c,
jbig2_priv.h, jbig2_segment.c, jbig2_symbol_dict.c,
jbig2_symbol_dict.h, jbig2_text.c, jbig2_text.h.
- debian/patches/CVE-2016-9601-2.patch: fix warnings in jbig2_image.c,
jbig2_mmr.c, jbig2_symbol_dict.c.
- CVE-2016-9601
* SECURITY UPDATE: integer overflow in big2_decode_symbol_dict
- debian/patches/CVE-2017-7885.patch: add extra check to
jbig2_symbol_dict.c.
- CVE-2017-7885
* SECURITY UPDATE: integer overflow in jbig2_build_huffman_table
- debian/patches/CVE-2017-7975.patch: use uint32_t in jbig2_huffman.c.
- CVE-2017-7975
* SECURITY UPDATE: integer overflow in jbig2_image_compose
- debian/patches/CVE-2017-7976.patch: add bounds check to
jbig2_image.c.
- CVE-2017-7976
-- Marc Deslauriers <email address hidden> Fri, 19 May 2017 08:26:25 -0400