Control: tags 1052668 + patch
Control: tags 1052668 + pending
Control: tags 1052669 + patch
Control: tags 1052669 + pending
Dear maintainer,
I've prepared an NMU for djvulibre (versioned as 3.5.28-2.2) and
uploaded it to DELAYED/2. Please feel free to tell me if I should
cancel it.
cu
Adrian
diffstat for djvulibre-3.5.28 djvulibre-3.5.28
changelog | 10 ++++++++++
patches/CVE-2021-46310.patch | 20 ++++++++++++++++++++
patches/CVE-2021-46312.patch | 20 ++++++++++++++++++++
patches/series | 2 ++
4 files changed, 52 insertions(+)
diff -Nru djvulibre-3.5.28/debian/changelog djvulibre-3.5.28/debian/changelog --- djvulibre-3.5.28/debian/changelog 2025-07-04 08:38:58.000000000 +0300
+++ djvulibre-3.5.28/debian/changelog 2025-07-18 20:57:51.000000000 +0300
@@ -1,3 +1,13 @@
+djvulibre (3.5.28-2.2) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * CVE-2021-46310: Divide by zero in IW44Image::Map::image()
+ (Closes: #1052668)
+ * CVE-2021-46312: Divide by zero in IWBitmap::Encode::init()
+ (Closes: #1052669)
+
+ -- Adrian Bunk <
[email protected]> Fri, 18 Jul 2025 20:57:51 +0300
+
djvulibre (3.5.28-2.1) unstable; urgency=high
* Non-maintainer upload.
diff -Nru djvulibre-3.5.28/debian/patches/CVE-2021-46310.patch djvulibre-3.5.28/debian/patches/CVE-2021-46310.patch
--- djvulibre-3.5.28/debian/patches/CVE-2021-46310.patch 1970-01-01 02:00:00.000000000 +0200
+++ djvulibre-3.5.28/debian/patches/CVE-2021-46310.patch 2025-07-18 20:57:51.000000000 +0300
@@ -0,0 +1,20 @@
+Description: CVE-2021-46310: Divide by zero in IW44Image::Map::image() +Bug-Debian:
https://bugs.debian.org/1052668