Request 892443 (superseded)

This request is superseded by request 892460 (Show diff)

Overview

Request 892443 superseded

- security update
- added patches
fix CVE-2021-32490 [bsc#1185895], Out of bounds write in function DJVU:filter_bv() via crafted djvu file
+ djvulibre-CVE-2021-32490.patch
fix CVE-2021-32491 [bsc#1185900], Integer overflow in function render() in tools/ddjvu via crafted djvu file
+ djvulibre-CVE-2021-32491.patch
fix CVE-2021-32492 [bsc#1185904], Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file
+ djvulibre-CVE-2021-32492.patch
fix CVE-2021-32493 [bsc#1185905], Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file
+ djvulibre-CVE-2021-32493.patch

Created by pgajdos almost 3 years ago
In state superseded
Superseded by 892460
Open review for licensedigger
Open review for factory-staging

Submit djvulibre

Comments for request 892443 0

Request History

pgajdos created request almost 3 years ago

factory-auto declined review almost 3 years ago

Output of check script:
djvulibre-3.5.28.tar.gz /home/go/co/892443/djvulibre/djvulibre-3.5.28.tar.gz differ: char 13, line 1
ERROR: download_files is configured to fail when the upstream file is different than the committed file... this is the case!
Source URLs are not valid. Try "osc service runall download_files".

factory-auto declined request almost 3 years ago

pgajdos superseded request almost 3 years ago

superseded by 892460

Places

Overview