• Bug#1108729: djvulibre: diff for NMU version 3.5.28-2.1

    From Salvatore Bonaccorso@21:1/5 to All on Fri Jul 4 07:50:01 2025
    Control: tags 1108729 + patch
    Control: tags 1108729 + pending


    Dear Barak,

    I've prepared an NMU for djvulibre (versioned as 3.5.28-2.1) and
    uploaded it to DELAYED/2. Please feel free to tell me if I
    should cancel it.

    The NMU delay is a bit short, so I'm open to as well delay more or
    cancel it as you like. I plan to do though based on that if it is
    accepted as well a bookworm-security update (as -2.1~deb12u1).

    Regards,
    Salvatore

    diffstat for djvulibre-3.5.28 djvulibre-3.5.28

    changelog | 8 ++
    patches/0008-Fix-potential-buffer-overflow-in-MMRDecoder.patch | 37 ++++++++++
    patches/series | 1
    3 files changed, 46 insertions(+)

    diff -Nru djvulibre-3.5.28/debian/changelog djvulibre-3.5.28/debian/changelog --- djvulibre-3.5.28/debian/changelog 2021-05-10 19:56:59.000000000 +0200
    +++ djvulibre-3.5.28/debian/changelog 2025-07-04 07:38:58.000000000 +0200
    @@ -1,3 +1,11 @@
    +djvulibre (3.5.28-2.1) unstable; urgency=high
    +
    + * Non-maintainer upload.
    + * Fix potential buffer overflow in MMRDecoder (CVE-2025-53367)
    + (Closes: #1108729)
    +
    + -- Salvatore Bonaccorso <[email protected]> Fri, 04 Jul 2025 07:38:58 +0200 +
    djvulibre (3.5.28-2) unstable; urgency=high

    * bump policy version
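
    Review bot: the new 3.5.28-2.1 changelog entry names CVE-2025-53367 and the bug number on the "Fix potential buffer overflow in MMRDecoder" line, but not the patch file that carries the fix. Listing 0008-Fix-potential-buffer-overflow-in-MMRDecoder.patch in that bullet would let anyone reading only the changelog map the CVE to the exact file added under debian/patches.
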
    diff -Nru djvulibre-3.5.28/debian/patches/0008-Fix-potential-buffer-overflow-in-MMRDecoder.patch djvulibre-3.5.28/debian/patches/0008-Fix-potential-buffer-overflow-in-MMRDecoder.patch
    --- djvulibre-3.5.28/debian/patches/0008-Fix-potential-buffer-overflow-in-MMRDecoder.patch 1970-01-01 01:00:00.000000000 +0100
    +++ djvulibre-3.5.28/debian/patches/0008-Fix-potential-buffer-overflow-in-MMRDecoder.patch 2025-07-04 07:38:11.000000000 +0200
    @@ -0,0 +1,37 @@
    +From: Leon Bottou <[email protected]>
    +Date: Wed, 2 Jul 2025 12:49:4
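
    Review bot: the added patch file is cut off inside its Date: header, so neither the rest of the 37-line hunk nor the one-line patches/series change listed in the diffstat can be reviewed from this message. The complete debdiff should be attached to the bug so the MMRDecoder change can be checked, and so it is clear the patch header carries the upstream subject along with the From: and Date: lines shown here.
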
  • From Salvatore Bonaccorso@21:1/5 to All on Fri Jul 4 08:30:01 2025
    Hi Barak,

    Actually I might cancel it to see if there are the other CVE fixes
    which are now applicable.

    Regards,
    Salvatore

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Barak A. Pearlmutter@21:1/5 to All on Fri Jul 4 16:40:01 2025
    You're also welcome to push the commit and tag to the packaging repo.
    If you don't I will just download it from debsnap and do that myself.
  • From Barak A. Pearlmutter@21:1/5 to All on Fri Jul 4 22:50:01 2025
    I welcome your help! Thanks. With any of my packages, it makes me happy
    when someone fixes things. Less work for me, higher quality for Debian.