Format: 1.8 Date: Thu, 20 May 2021 07:52:26 -0400 Source: libwebp Binary: libwebp-dev libwebp6 libwebpmux3 libwebpdemux2 webp Architecture: s390x Version: 0.6.1-2ubuntu0.18.04.1 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libwebp-dev - Lossy compression of digital photographic images. libwebp6 - Lossy compression of digital photographic images. libwebpdemux2 - Lossy compression of digital photographic images. libwebpmux3 - Lossy compression of digital photographic images. webp - Lossy compression of digital photographic images. Changes: libwebp (0.6.1-2ubuntu0.18.04.1) bionic-security; urgency=medium . * SECURITY UPDATE: heap-based buffer overflow in GetLE16() and GetLE24() - debian/patches/CVE-2018-25009.patch: check data_size in src/mux/muxread.c. - CVE-2018-25009 - CVE-2018-25012 * SECURITY UPDATE: heap-based buffer overflow in ApplyFilter() - debian/patches/CVE-2018-25010.patch: limit the filter size in src/utils/quant_levels_dec_utils.c. - CVE-2018-25010 * SECURITY UPDATE: heap-based buffer overflow in PutLE16() - debian/patches/CVE-2018-25011.patch: limit number of image chunks in src/mux/muxread.c. - CVE-2018-25011 * SECURITY UPDATE: heap-based buffer overflow in ShiftBytes() and in ReadSymbol() - debian/patches/CVE-2018-25013_4.patch: wait for all threads to be done in DecodeRemaining in src/dec/idec_dec.c. - CVE-2018-25013 - CVE-2018-25014 * SECURITY UPDATE: heap-based buffer overflow in WebPDecode*Into functions - debian/patches/CVE-2020-36328.patch: fix buffer size check in src/dec/buffer_dec.c. - CVE-2020-36328 * SECURITY UPDATE: use-after-free in EmitFancyRGB() - debian/patches/CVE-2020-36329.patch: fix thread race heap-use-after-free in src/dec/idec_dec.c. - CVE-2020-36329 * SECURITY UPDATE: heap-based buffer overflow in ChunkVerifyAndAssign() - debian/patches/CVE-2020-36330.patch: fix riff size checks in src/mux/muxread.c. - CVE-2020-36330 * SECURITY UPDATE: heap-based buffer overflow in ChunkAssignData() - debian/patches/CVE-2020-36331.patch: validate chunk_size in src/mux/muxi.h, src/mux/muxread.c. - CVE-2020-36331 * SECURITY UPDATE: extreme memory allocation when reading a file - debian/patches/CVE-2020-36332-pre1.patch: limit memory allocation when reading invalid Huffman codes in src/dec/vp8l_dec.c. - debian/patches/CVE-2020-36332.patch: better handling of bogus Huffman codes in src/dec/vp8l_dec.c. - CVE-2020-36332 Checksums-Sha1: 06924aec052bd70be92b9b1d247da2450eb786cd 223568 libwebp-dev_0.6.1-2ubuntu0.18.04.1_s390x.deb 1bbfbf06346df93eac8efab33beef52a51252c6f 644472 libwebp6-dbgsym_0.6.1-2ubuntu0.18.04.1_s390x.ddeb 254960d8b244302acd1d76a7fdfb9d8259515a34 149584 libwebp6_0.6.1-2ubuntu0.18.04.1_s390x.deb ae4d7aca70ffcc659f89052cbbcede64bcbb72e8 11029 libwebp_0.6.1-2ubuntu0.18.04.1_s390x.buildinfo 4cbe762aeabf47b27769d65ee0351a24da87bd6c 27240 libwebpdemux2-dbgsym_0.6.1-2ubuntu0.18.04.1_s390x.ddeb 3f7c1bd88b7901c8b139407fdd853c570938cb4a 9168 libwebpdemux2_0.6.1-2ubuntu0.18.04.1_s390x.deb bf84a174a01b96e6e829598e016e08c8cf09e1bf 63928 libwebpmux3-dbgsym_0.6.1-2ubuntu0.18.04.1_s390x.ddeb 96350bdb243828c1040f545837ba6a2c40d540d1 18316 libwebpmux3_0.6.1-2ubuntu0.18.04.1_s390x.deb a21d6846ca9ba5ee7971c668a0e640eef4f56a2a 239860 webp-dbgsym_0.6.1-2ubuntu0.18.04.1_s390x.ddeb e3112d39f2d9c9a82d88efd84a93787e23d40c7b 74224 webp_0.6.1-2ubuntu0.18.04.1_s390x.deb Checksums-Sha256: cfe73e2603501a2e2c8c5f45804ec3074495caa5e86df6fe73af33dcbe4e0025 223568 libwebp-dev_0.6.1-2ubuntu0.18.04.1_s390x.deb 3b23564543d21ca787bd4b18d9bbd000d2f1ac92c1bfdbe8788339f844ea6a97 644472 libwebp6-dbgsym_0.6.1-2ubuntu0.18.04.1_s390x.ddeb 83a8fe2980d6819d9b3197b2d8e538583feccaecb7e5bb0aba6dbf1cb76efda1 149584 libwebp6_0.6.1-2ubuntu0.18.04.1_s390x.deb 4845383724ccd9feecca3ced51710692bd1057053ddb0563620dc63c70695088 11029 libwebp_0.6.1-2ubuntu0.18.04.1_s390x.buildinfo f65af84ee3bd6ce7c0100c0667da9ff5a6c831dcce5d4f036ae92b0633c3e58a 27240 libwebpdemux2-dbgsym_0.6.1-2ubuntu0.18.04.1_s390x.ddeb 379624411931f5c6efd6c28f0daafd4436f077914faa2a72dcae58da39d8e71e 9168 libwebpdemux2_0.6.1-2ubuntu0.18.04.1_s390x.deb 5ac9ff80dc517083ebe0319a40fa24f140b83bcd5a9bc600af1dd0b315bb8ff5 63928 libwebpmux3-dbgsym_0.6.1-2ubuntu0.18.04.1_s390x.ddeb ccfd2825b92636c3fc9e0b5be8660157be17ed1e5bfde928d6466acedfe2f979 18316 libwebpmux3_0.6.1-2ubuntu0.18.04.1_s390x.deb fd6bf02f1ce8183d3a5585d7a502b5734d8a24aafa97a55f837e66842f386a1e 239860 webp-dbgsym_0.6.1-2ubuntu0.18.04.1_s390x.ddeb e19acea33df5f20c226b86452dddc246112e7a4a2fa3ba4f7945631f1afe102c 74224 webp_0.6.1-2ubuntu0.18.04.1_s390x.deb Files: 6047cd175feb9d6e8ceda4c6e6ecbf60 223568 libdevel optional libwebp-dev_0.6.1-2ubuntu0.18.04.1_s390x.deb c701e7c1d457c54c06603162717d94eb 644472 debug optional libwebp6-dbgsym_0.6.1-2ubuntu0.18.04.1_s390x.ddeb ac9fe283a5e44ecc4dae66013f5a7fa8 149584 libs optional libwebp6_0.6.1-2ubuntu0.18.04.1_s390x.deb bbeae0b26edc0e4ee7b08d13500ae228 11029 libs optional libwebp_0.6.1-2ubuntu0.18.04.1_s390x.buildinfo 29b9040c25d1ae2e64a8e7e110911317 27240 debug optional libwebpdemux2-dbgsym_0.6.1-2ubuntu0.18.04.1_s390x.ddeb 9065401473a839b657bcd5182fc0ef1b 9168 libs optional libwebpdemux2_0.6.1-2ubuntu0.18.04.1_s390x.deb d6947490c743adc9326665931df9ac66 63928 debug optional libwebpmux3-dbgsym_0.6.1-2ubuntu0.18.04.1_s390x.ddeb 54fc0a86f2b2273c46441804f593f300 18316 libs optional libwebpmux3_0.6.1-2ubuntu0.18.04.1_s390x.deb 4cd49bfbe57eed6de85c1e9660617179 239860 debug optional webp-dbgsym_0.6.1-2ubuntu0.18.04.1_s390x.ddeb 36bc6ab5cca4d964df480bd4dd9ef2c5 74224 graphics optional webp_0.6.1-2ubuntu0.18.04.1_s390x.deb Original-Maintainer: Jeff Breidenbach