|
|
Subscribe / Log in / New account

Debian alert DLA-2667-1 (djvulibre)



From:
              Sylvain Beucler <beuc@beuc.net>


To:
              debian-lts-announce@lists.debian.org


Subject:
              [SECURITY] [DLA 2667-1] djvulibre security update


Date:
              Wed, 26 May 2021 18:02:02 +0200


Message-ID:
              <20210526160202.GA25182@mail.beuc.net>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2667-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Sylvain Beucler
May 26, 2021                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : djvulibre
Version        : 3.5.27.1-7+deb9u1
CVE ID         : CVE-2019-15142 CVE-2019-15143 CVE-2019-15144 CVE-2019-15145 
                 CVE-2019-18804 CVE-2021-3500 CVE-2021-32490 CVE-2021-32491 
                 CVE-2021-32492 CVE-2021-32493
Debian Bug     : 945114 988215

Several vulnerabilities were discovered in djvulibre, a library and
set of tools to handle documents in the DjVu format. An attacker could
crash document viewers and possibly execute arbitrary code through
crafted DjVu files.

For Debian 9 stretch, these problems have been fixed in version
3.5.27.1-7+deb9u1.

We recommend that you upgrade your djvulibre packages.

For the detailed security status of djvulibre please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/djvulibre

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmCubUYACgkQDTl9HeUl
XjCJZA/+Oivd5tB7z7VTT61KEZLAkfhjCB3iYZhcJ6Uqs599ZXNjXyewPQejhbRn
tELWwE3y5s60lFH98kDMImHMmKVg2UvQabnIpCnUOIcJ8QKduwrE79gV7sxHzjvD
ItbKtChMPo61QgtLcnajrFmBlrn3hV2ATEp2qBT65TW5vFeiPoYdP796IG71nMp0
V4fkxSKoy36bYYRprbHntzo0QGzf1fbgD6te3WMDYDIn3FQuWxSwGIxn1YH1YN6W
K1PbfdzHNYL6njLm04VrLegQPlhF+LV3fcRPHCTQhJwy0Nlrj5O7iQR+kOT0GJ9p
HdjW+L5K2RY2poefaxFLCtXJBaBoiQTgpFpll9SyCu8Dx3D0tk33uOqfJlwH+a9z
+zRqK/XKyoZe0WFu+Agy0k+bVfUbzZFf0Y6PZ+HsqM0vO/5F15Y3XO46ELAZMMRW
HebGPcm+6mf5NIlMqYdn8k2t+JyTDKNVpFTD45Pja4NrIrB9u1dxg1qMNeaXKn0A
PSW1z1n1wXnEARyUABpnbMrpU7DEzPlphLm3QlLL5NJ1PZGEOPPyCQfm4iAPPbaJ
cchxy84hApEcyQAjcp6AZW4lRmX0XVULP2/Ay2YvV94se1gaCg2VzlqKUfJeI40X
yodjj7gD2/eKVUzYRQE0jGgljhbmgS/20TXmyzqk4QuBEkclbdk=
=k93n
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds