Overview
Request 892443 superseded
- security update
- added patches
  fix CVE-2021-32490 [bsc#1185895], Out of bounds write in function DJVU:filter_bv() via crafted djvu file
  + djvulibre-CVE-2021-32490.patch
  fix CVE-2021-32491 [bsc#1185900], Integer overflow in function render() in tools/ddjvu via crafted djvu file
  + djvulibre-CVE-2021-32491.patch
  fix CVE-2021-32492 [bsc#1185904], Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file
  + djvulibre-CVE-2021-32492.patch
  fix CVE-2021-32493 [bsc#1185905], Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file
  + djvulibre-CVE-2021-32493.patch
- Created by pgajdos
- In state superseded
- Superseded by 892460
- Open review for licensedigger
- Open review for factory-staging
Request History
pgajdos created request
factory-auto declined review
Output of check script:
djvulibre-3.5.28.tar.gz /home/go/co/892443/djvulibre/djvulibre-3.5.28.tar.gz differ: char 13, line 1
ERROR: download_files is configured to fail when the upstream file is different than the committed file... this is the case!
Source URLs are not valid. Try "osc service runall download_files".
factory-auto declined request
Output of check script:
djvulibre-3.5.28.tar.gz /home/go/co/892443/djvulibre/djvulibre-3.5.28.tar.gz differ: char 13, line 1
ERROR: download_files is configured to fail when the upstream file is different than the committed file... this is the case!
Source URLs are not valid. Try "osc service runall download_files".
superseded by 892460