• Bug#1108729: marked as done (djvulibre: CVE-2025-53367) (2/2)

    From Debian Bug Tracking System@1:229/2 to All on Fri Jul 4 17:10:01 2025
    [continued from previous message]

    Received: from dak by fasolo.debian.org with local (Exim 4.94.2)
    (envelope-from <[email protected]>)
    id 1uXhxf-006DXA-Gg; Fri, 04 Jul 2025 15:04:23 +0000
    From: Debian FTP Masters <[email protected]>
    Reply-To: Salvatore Bonaccorso <[email protected]>
    To: [email protected]
    X-DAK: dak process-upload
    X-Debian: DAK
    X-Debian-Package: djvulibre
    Debian: DAK
    Debian-Changes: djvulibre_3.5.28-2.1_source.changes
    Debian-Source: djvulibre
    Debian-Version: 3.5.28-2.1
    Debian-Architecture: source
    Debian-Suite: unstable
    Debian-Archive-Action: accept
    MIME-Version: 1.0
    Subject: Bug#1108729: fixed in djvulibre 3.5.28-2.1
    Content-Type: multipart/signed; micalg="pgp-sha256";
    protocol="application/pgp-signature";
    boundary="===============0870575373549248026=="
    Message-Id: <[email protected]>
    Date: Fri, 04 Jul 2025 15:04:23 +0000

    --===============0870575373549248026==
    Content-Type: text/plain; charset="utf-8"
    Content-Transfer-Encoding: quoted-printable

    Source: djvulibre
    Source-Version: 3.5.28-2.1
    Done: Salvatore Bonaccorso <[email protected]>

    We believe that the bug you reported is fixed in the latest version of djvulibre, which is due to be installed in the Debian FTP archive.

    A summary of the changes between this version and the previous one is
    attached.

    Thank you for reporting the bug, which will now be closed. If you
    have further comments please address them to [email protected],
    and the maintainer will reopen the bug report if appropriate.

    Debian distribution maintenance software
    pp.
    Salvatore Bonaccorso <[email protected]> (supplier of updated djvulibre package)

    (This message was generated automatically at their request; if you
    believe that there is a problem with it please contact the archive administrators by mailing [email protected])


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Fri, 04 Jul 2025 07:38:58 +0200
    Source: djvulibre
    Architecture: source
    Version: 3.5.28-2.1
    Distribution: unstable
    Urgency: high
    Maintainer: Barak A. Pearlmutter <[email protected]>
    Changed-By: Salvatore Bonaccorso <[email protected]>
    Closes: 1108729
    Changes:
    djvulibre (3.5.28-2.1) unstable; urgency=high
    .
    * Non-maintainer upload.
    * Fix potential buffer overflow in MMRDecoder (CVE-2025-53367)
    (Closes: #1108729)
    Checksums-Sha1:
    9c3bfc769e80dcc1cb5ad2a7f75f8900250fff09 2530 djvulibre_3.5.28-2.1.dsc
    8b8da7e16ac66a5ad68b935679ad7550fd5a9377 17928 djvulibre_3.5.28-2.1.debian.tar.xz
    eccd71a7bc3ece381542b4a0fbab73c2a849e3ca 5988 djvulibre_3.5.28-2.1_source.buildinfo
    Checksums-Sha256:
    89d5473060fe512e91b36a6879d1cc488bd8546623b1c44df9d06eef2bc05224 2530 djvulibre_3.5.28-2.1.dsc
    4b0d84a3a45a399a40aed344169ae1ea5edea41c2c1971b4279aec1413d4f5ea 17928 djvulibre_3.5.28-2.1.debian.tar.xz
    9ac8d3a64646b791e36cf76b8b8a14290b725d3609311de6e3c967f3ee783b35 5988 djvulibre_3.5.28-2.1_source.buildinfo
    Files:
    e9a91410d5708efeebbc18979409c9c1 2530 libs optional djvulibre_3.5.28-2.1.dsc
    49cd57d8ea11b8ca116c39b2b10ba720 17928 libs optional djvulibre_3.5.28-2.1.debian.tar.xz
    930cdbd43b158dd1592847e7798538e5 5988 libs optional djvulibre_3.5.28-2.1_source.buildinfo

    -----BEGIN PGP SIGNATURE-----

    -----END PGP SIGNATURE-----


    --===============0870575373549248026==
    Content-Type: application/pgp-signature

    -----BEGIN PGP SIGNATURE-----

    -----END PGP SIGNATURE-----

    --===============0870575373549248026==--

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)
  • From Debian Bug Tracking System@1:229/2 to All on Tue Jul 8 09:20:01 2025
    [continued from previous message]

    Received: from dak by fasolo.debian.org with local (Exim 4.94.2)
    (envelope-from <[email protected]>)
    id 1uZ2aN-0064JE-Im; Tue, 08 Jul 2025 07:17:51 +0000
    From: Debian FTP Masters <[email protected]>
    Reply-To: Salvatore Bonaccorso <[email protected]>
    To: [email protected]
    X-DAK: dak process-policy
    X-Debian: DAK
    X-Debian-Package: djvulibre
    Debian: DAK
    Debian-Changes: djvulibre_3.5.28-2.1~deb12u1_source.changes
    Debian-Source: djvulibre
    Debian-Version: 3.5.28-2.1~deb12u1
    Debian-Architecture: source
    Debian-Suite: proposed-updates
    Debian-Archive-Action: accept
    MIME-Version: 1.0
    Subject: Bug#1108729: fixed in djvulibre 3.5.28-2.1~deb12u1
    Content-Type: multipart/signed; micalg="pgp-sha256";
    protocol="application/pgp-signature";
    boundary="===============3579546795374608806=="
    Message-Id: <[email protected]>
    Date: Tue, 08 Jul 2025 07:17:51 +0000

    --===============3579546795374608806==
    Content-Type: text/plain; charset="utf-8"
    Content-Transfer-Encoding: quoted-printable

    Source: djvulibre
    Source-Version: 3.5.28-2.1~deb12u1
    Done: Salvatore Bonaccorso <[email protected]>

    We believe that the bug you reported is fixed in the latest version of djvulibre, which is due to be installed in the Debian FTP archive.

    A summary of the changes between this version and the previous one is
    attached.

    Thank you for reporting the bug, which will now be closed. If you
    have further comments please address them to [email protected],
    and the maintainer will reopen the bug report if appropriate.

    Debian distribution maintenance software
    pp.
    Salvatore Bonaccorso <[email protected]> (supplier of updated djvulibre package)

    (This message was generated automatically at their request; if you
    believe that there is a problem with it please contact the archive administrators by mailing [email protected])


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Fri, 04 Jul 2025 21:33:39 +0200
    Source: djvulibre
    Architecture: source
    Version: 3.5.28-2.1~deb12u1
    Distribution: bookworm-security
    Urgency: high
    Maintainer: Barak A. Pearlmutter <[email protected]>
    Changed-By: Salvatore Bonaccorso <[email protected]>
    Closes: 1108729
    Changes:
    djvulibre (3.5.28-2.1~deb12u1) bookworm-security; urgency=high
    .
    * Non-maintainer upload by the Security Team.
    * Rebuild for bookworm-security
    .
    djvulibre (3.5.28-2.1) unstable; urgency=high
    .
    * Non-maintainer upload.
    * Fix potential buffer overflow in MMRDecoder (CVE-2025-53367)
    (Closes: #1108729)
    Checksums-Sha1:
    8378c99a29014003a8b2c4f3644600455dc71b9e 2562 djvulibre_3.5.28-2.1~deb12u1.dsc
    1846a9e3d84e0174ecda6c4bf2dfe11fb86ea487 2959024 djvulibre_3.5.28.orig.tar.xz
    21ebdd5487da3c0d995a25272fd8db094044d4a7 18000 djvulibre_3.5.28-2.1~deb12u1.debian.tar.xz
    94a8eef2459838852c18eec41e4a3eb0143563c2 6020 djvulibre_3.5.28-2.1~deb12u1_source.buildinfo
    Checksums-Sha256:
    11ef087eb1bbffd6414967cb432e9fb8ab919bfb0bfb95247d6c84dbae0de263 2562 djvulibre_3.5.28-2.1~deb12u1.dsc
    1223b7bf7c8dfe2e290882f3bfb88ba2468b30495a1bf8dfd54dc7e810987887 2959024 djvulibre_3.5.28.orig.tar.xz
    fd426066bd9bee9d6fd903a351b83cb55311d7109d4d39f7cb7b4a5b59933db2 18000 djvulibre_3.5.28-2.1~deb12u1.debian.tar.xz
    7fb23dcb27d0679b4c14a1a29e30da00776912ad9e296ee44005aa42502f32b7 6020 djvulibre_3.5.28-2.1~deb12u1_source.buildinfo
    Files:
    018d58fbb28e4992293e920642448413 2562 libs optional djvulibre_3.5.28-2.1~deb12u1.dsc
    2f72e25ecf571449aecc468fcfe4fb60 2959024 libs optional djvulibre_3.5.28.orig.tar.xz
    9a9048aaffdae23a06abfada004d74be 18000 libs optional djvulibre_3.5.28-2.1~deb12u1.debian.tar.xz
    aeda31b456bdb37b244b731066998b2b 6020 libs optional djvulibre_3.5.28-2.1~deb12u1_source.buildinfo

    -----BEGIN PGP SIGNATURE-----

    -----END PGP SIGNATURE-----


    --===============3579546795374608806==
    Content-Type: application/pgp-signature

    -----BEGIN PGP SIGNATURE-----

    -----END PGP SIGNATURE-----

    --===============3579546795374608806==--

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)