app-text/djvu: Security bump #16210

Closed

@ajakk (Member) commented Jun 13, 2020

Bump to upstream tag debian/3.5.27.1-14, which includes fixes for
numerous security issues:

293 Segmentation fault when trying to open a djvu file with djview4
https://sourceforge.net/p/djvu/bugs/293/
fix: 8407dd3421f720ab2e1a61e3f1e60e08967f98db

295 Invalid Memory Read when calling read_tiff
https://sourceforge.net/p/djvu/bugs/295/
fix: 23522feec1e200cd2981c8e063ce1ea3a333a14f

302 out-of-bounds write in function DJVU::DjVuTXT::decode at DjVuText.cpp:348-20
https://sourceforge.net/p/djvu/bugs/302/
fix: 7b0ef20690e08f1fe124aebbf42f6310e2f40f81

309 DJVU::filter_fv@IW44EncodeCodec.cpp:499-43___SEGV_UNKNOW
https://sourceforge.net/p/djvu/bugs/309/
fix: c8bec6549c10ffaa2f2fbad8bbc629efdf0dd125

Bug 718552: CVE-2019-1514{2..5}
Bug 536720: insecure use of /tmp

Bump to upstream tag debian/3.5.27.1-14, which includes fixes for
numerous security issues.

Bug: https://bugs.gentoo.org/536720
Bug: https://bugs.gentoo.org/718552
Package-Manager: Portage-2.3.100, Repoman-2.3.22
Signed-off-by: John Helmert III <jchelmert3@posteo.net>
@gentoo-bot

Pull Request assignment

Submitter: @ajakk
Areas affected: ebuilds
Packages affected: app-text/djvu

app-text/djvu: @gentoo/tex

Linked bugs

Bugs linked: 536720, 718552


In order to force reassignment and/or bug reference scan, please append [please reassign] to the pull request title.

Docs: Code of Conduct ● Copyright policy (expl.) ● Devmanual ● GitHub PRs ● Proxy-maint guide

@gentoo-bot added the labels "assigned" (PR successfully assigned to the package maintainer(s).) and "bug linked" (Bug/Closes found in footer, and cross-linked with the PR.) on Jun 13, 2020
@gentoo-repo-qa-bot (Collaborator)

Pull request CI report

Report generated at: 2020-06-13 07:27 UTC
Newest commit scanned: f527aa1
Status: ✅ good

There are existing issues already. Please look into the report to make sure none of them affect the packages in question:
https://qa-reports.gentoo.org/output/gentoo-ci/0d1e717089/output.html

@Zlogene (Contributor) commented Jun 13, 2020

Meh, sometimes I wish we had this removed.

@ajakk ajakk deleted the djvu-security branch October 26, 2022 15:41