Format: 1.8 Date: Thu, 20 May 2021 07:52:26 -0400 Source: libwebp Binary: libwebp-dev libwebp6 libwebpdemux2 libwebpmux3 webp Built-For-Profiles: noudeb Architecture: ppc64el Version: 0.6.1-2ubuntu1 Distribution: impish-proposed Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libwebp-dev - Lossy compression of digital photographic images. libwebp6 - Lossy compression of digital photographic images. libwebpdemux2 - Lossy compression of digital photographic images. libwebpmux3 - Lossy compression of digital photographic images. webp - Lossy compression of digital photographic images. Changes: libwebp (0.6.1-2ubuntu1) impish; urgency=medium . * SECURITY UPDATE: heap-based buffer overflow in GetLE16() and GetLE24() - debian/patches/CVE-2018-25009.patch: check data_size in src/mux/muxread.c. - CVE-2018-25009 - CVE-2018-25012 * SECURITY UPDATE: heap-based buffer overflow in ApplyFilter() - debian/patches/CVE-2018-25010.patch: limit the filter size in src/utils/quant_levels_dec_utils.c. - CVE-2018-25010 * SECURITY UPDATE: heap-based buffer overflow in PutLE16() - debian/patches/CVE-2018-25011.patch: limit number of image chunks in src/mux/muxread.c. - CVE-2018-25011 * SECURITY UPDATE: heap-based buffer overflow in ShiftBytes() and in ReadSymbol() - debian/patches/CVE-2018-25013_4.patch: wait for all threads to be done in DecodeRemaining in src/dec/idec_dec.c. - CVE-2018-25013 - CVE-2018-25014 * SECURITY UPDATE: heap-based buffer overflow in WebPDecode*Into functions - debian/patches/CVE-2020-36328.patch: fix buffer size check in src/dec/buffer_dec.c. - CVE-2020-36328 * SECURITY UPDATE: use-after-free in EmitFancyRGB() - debian/patches/CVE-2020-36329.patch: fix thread race heap-use-after-free in src/dec/idec_dec.c. - CVE-2020-36329 * SECURITY UPDATE: heap-based buffer overflow in ChunkVerifyAndAssign() - debian/patches/CVE-2020-36330.patch: fix riff size checks in src/mux/muxread.c. - CVE-2020-36330 * SECURITY UPDATE: heap-based buffer overflow in ChunkAssignData() - debian/patches/CVE-2020-36331.patch: validate chunk_size in src/mux/muxi.h, src/mux/muxread.c. - CVE-2020-36331 * SECURITY UPDATE: extreme memory allocation when reading a file - debian/patches/CVE-2020-36332-pre1.patch: limit memory allocation when reading invalid Huffman codes in src/dec/vp8l_dec.c. - debian/patches/CVE-2020-36332.patch: better handling of bogus Huffman codes in src/dec/vp8l_dec.c. - CVE-2020-36332 Checksums-Sha1: 0547b27c35a94ab223ff25e290d3ebba1930887e 341444 libwebp-dev_0.6.1-2ubuntu1_ppc64el.deb 14daa808b06751cd676476244791df82b1a91c8a 915824 libwebp6-dbgsym_0.6.1-2ubuntu1_ppc64el.ddeb f494adab84b24fa652df9a934af18630bd784b5b 255788 libwebp6_0.6.1-2ubuntu1_ppc64el.deb d9d179d0cfe7f1e51c9bc6a82bd5a6f054d533c5 10695 libwebp_0.6.1-2ubuntu1_ppc64el.buildinfo 1245ee60ea2088791e139e67fa7dc3ea6d8feb93 32172 libwebpdemux2-dbgsym_0.6.1-2ubuntu1_ppc64el.ddeb 074a2ae53f3b38d8d3e21ed249e6ae984a00c812 10800 libwebpdemux2_0.6.1-2ubuntu1_ppc64el.deb b89b2898e0a612edf208320a93ffad2c2926b662 89644 libwebpmux3-dbgsym_0.6.1-2ubuntu1_ppc64el.ddeb daf222992672fc3f13bfba89c4047f1464354f20 23252 libwebpmux3_0.6.1-2ubuntu1_ppc64el.deb f10052e6cecc620d4eb545c6846aae5d7e63448d 283996 webp-dbgsym_0.6.1-2ubuntu1_ppc64el.ddeb 60ef985f2a961c5b9640e9c4478992eea5c687af 84008 webp_0.6.1-2ubuntu1_ppc64el.deb Checksums-Sha256: 244f7b98bdd7e9d438957f43a949f2dc8ead09fa5cccc4111a09ed79f99b41ea 341444 libwebp-dev_0.6.1-2ubuntu1_ppc64el.deb c3909cdaa96730f621598e2e1bfc144c42b9f6c27f0ec5e9a13717a29face945 915824 libwebp6-dbgsym_0.6.1-2ubuntu1_ppc64el.ddeb a6e515c45b3537b10e58373e7d2c102c1533247e341735df0c4696893d554f56 255788 libwebp6_0.6.1-2ubuntu1_ppc64el.deb ac4dd1f752d9c4f570a88abd6d0b093c6d1c0c088ac5e7115483f38fcd450b6e 10695 libwebp_0.6.1-2ubuntu1_ppc64el.buildinfo 76bd1e2e3ccbcfd4790d7fd4a71eaa0df7e4b757bb00d98673b12ece38cfa06d 32172 libwebpdemux2-dbgsym_0.6.1-2ubuntu1_ppc64el.ddeb 015eed1e64ac317bd7aae6306ab5218518bbef0bb7a88111655677b7fc769a63 10800 libwebpdemux2_0.6.1-2ubuntu1_ppc64el.deb b7232fafd2335c03cdd86576ca09990a4799231c9f44d1d847eb3f39ca33c228 89644 libwebpmux3-dbgsym_0.6.1-2ubuntu1_ppc64el.ddeb 89be1b3f94e8690e79b1ffba7e2de742345f3bc39c3670f8d2b930c7b86a03ee 23252 libwebpmux3_0.6.1-2ubuntu1_ppc64el.deb eba76174cc1e6ed544a671c25c92d4acc2ba2e75a454b6d4fed551ad69f5b841 283996 webp-dbgsym_0.6.1-2ubuntu1_ppc64el.ddeb 4ffa75f232d228a01ef2a20ac6c3b4d19e9b1b57f8a5816733bfd5f066c6aec6 84008 webp_0.6.1-2ubuntu1_ppc64el.deb Files: 9fb5b162b734e23f45eefc31b65f3ae8 341444 libdevel optional libwebp-dev_0.6.1-2ubuntu1_ppc64el.deb 07a686a0232aba4d70c95a90b4e5a696 915824 debug optional libwebp6-dbgsym_0.6.1-2ubuntu1_ppc64el.ddeb da4ea947ba5704e18a746838a5d80b84 255788 libs optional libwebp6_0.6.1-2ubuntu1_ppc64el.deb f66a29d2093d51458d91a8c3eab24276 10695 libs optional libwebp_0.6.1-2ubuntu1_ppc64el.buildinfo fbd5db0da05d44dab100fdb32730770a 32172 debug optional libwebpdemux2-dbgsym_0.6.1-2ubuntu1_ppc64el.ddeb 5a4745af6b1a9a9795822d61f7ec9527 10800 libs optional libwebpdemux2_0.6.1-2ubuntu1_ppc64el.deb bc998201e66e6ae388955da8eed5d143 89644 debug optional libwebpmux3-dbgsym_0.6.1-2ubuntu1_ppc64el.ddeb 5d4a19bfcbc5b83e4fc3930b52cd3949 23252 libs optional libwebpmux3_0.6.1-2ubuntu1_ppc64el.deb e4ce3cb851ed09ccc7e6ed2c3207a7b5 283996 debug optional webp-dbgsym_0.6.1-2ubuntu1_ppc64el.ddeb 06f825a9bc67d4098b06a24e65f5d313 84008 graphics optional webp_0.6.1-2ubuntu1_ppc64el.deb Original-Maintainer: Jeff Breidenbach