Debian alert DLA-2702-1 (djvulibre)

From:
             
 
Utkarsh Gupta <utkarsh@debian.org>
To:
             
 
debian-lts-announce@lists.debian.org
Subject:
             
 
[SECURITY] [DLA 2702-1] djvulibre security update
Date:
             
 
Sun, 04 Jul 2021 02:08:19 +0530
Message-ID:
             
 
 <CAPP0f94oBFMihA4oNCDWTAN0pNeVmxM40BAszT=r7_U2_+q-JA@mail.gmail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-2702-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
July 03, 2021                               https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : djvulibre
Version        : 3.5.27.1-7+deb9u2
CVE ID         : CVE-2021-3630

An out-of-bounds write vulnerability was found in DjVuLibre in
DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file
which may lead to crash and segmentation fault.

For Debian 9 stretch, this problem has been fixed in version
3.5.27.1-7+deb9u2.

We recommend that you upgrade your djvulibre packages.

For the detailed security status of djvulibre please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/djvulibre

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmDgymAACgkQgj6WdgbD
S5ZZoBAA5lQ3qMy3UocDz+ViZ0/m7Z+Z4NHIJikpfzVngaa0RFkNe9u4F7CSNR57
Nz+QqdgxUJKID552l4SDU3KXjMSanlcQG/WO8cMeFPIX03fdVQgn6GNaIpMHCESA
eDWxAF3+UpXJR+vATMXHQYSXC/gsUWHBFDsVvEHsqogUpLewGM5tqbibkY3VZbV4
7j72iAHE2YN4BsbTxTEtPCo0NqxpOJro4jqTCMpHq7xmmo9jjAo1GYc2NVfSNDnJ
YUI6uWXraEPliwvun4ZD6N2HsbuvHJ/x9fPgqy/kSPO3BHgRutNG6XV4lCVhDNcw
ohrLQp0E5eHvyUjT2DJJmA9ToKDJqTwbBkCqPlPitjvg5YJ4PD5U61B/4cVWXyBg
P40FMz2t/tVyuU7Xy3UwJVoni+rmFVjuAmehKvAAoUkibwo4SLFmKGZfDDrcXiqJ
YykXlEnksEL2KGxL9O3ZoQEC/tAWwdOonQnHRfZTZXpDmO6uNJZLqmfPeducHqWe
4/WeDLBiTuRgy/H7BetLY6bxBuWGUMYjE2jc3ZeySJv8QyDnekGgL+9Fyoqz6lUY
qTbiUsw9FG0bZhm8+Me0xClYFocyCH13XAezvGngi+oibTa8Ee49PHAIQznHYpUa
sowIEy+HjJeP68HENvjirdI226ojcBOWIHWTRsDdt4KzVmlgtes=
=g+jg
-----END PGP SIGNATURE-----