-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 03 Jul 2025 16:06:10 +0800
Source: jpeg-xl
Binary: libjpegxl-java libjpegxl-java-dbgsym libjxl-dev libjxl-devtools libjxl-devtools-dbgsym libjxl-tools libjxl-tools-dbgsym libjxl0.7 libjxl0.7-dbgsym
Architecture: amd64
Version: 0.7.0-10+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: amd64 / i386 Build Daemon (x86-ubc-01) <buildd_amd64-x86-ubc-01@buildd.debian.org>
Changed-By: Aron Xu <aron@debian.org>
Description:
 libjpegxl-java - JPEG XL Image Coding System - "JXL" (java bindings)
 libjxl-dev - JPEG XL Image Coding System - "JXL" (development files)
 libjxl-devtools - JPEG XL Image Coding System - "JXL" (dev command line utility)
 libjxl-tools - JPEG XL Image Coding System - "JXL" (command line utility)
 libjxl0.7  - JPEG XL Image Coding System - "JXL" (shared libraries)
Closes: 1034722 1055306 1088818
Changes:
 jpeg-xl (0.7.0-10+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2023-0645: out of bounds read in the exif handler (Closes: #1034722)
   * CVE-2023-35790: integer underflow in patch decoding can lead to a denial
     of service issue. (Closes: #1055306)
   * CVE-2024-11403: out-of-bounds write in the JPEG decoder when doing
     recompression. (Closes: #1088818)
   * CVE-2024-11498: stack buffer overflow in modular trees (Closes: #1088818)
Checksums-Sha1:
 9fe52657dd8e546c20600744359c4ebce9fac2a7 14555 jpeg-xl_0.7.0-10+deb12u1_amd64-buildd.buildinfo
 b5bc5addfe04bfe72e79a579063669d877a9210a 9882016 libjpegxl-java-dbgsym_0.7.0-10+deb12u1_amd64.deb
 2793593a76f1bf767e111a3efb39f1385957a1da 454480 libjpegxl-java_0.7.0-10+deb12u1_amd64.deb
 5e3ebb99ab248cea9bc9399fb4907493761468e9 49640 libjxl-dev_0.7.0-10+deb12u1_amd64.deb
 3505af6e8ab32792739e83ca241fcef72569ed4c 280855960 libjxl-devtools-dbgsym_0.7.0-10+deb12u1_amd64.deb
 a797496ed542483916dcb8571a359d9acd4d03c2 3946188 libjxl-devtools_0.7.0-10+deb12u1_amd64.deb
 c1797c2c9c6313d59468660b7874b297af209383 27008428 libjxl-tools-dbgsym_0.7.0-10+deb12u1_amd64.deb
 c611cb59f6c816847d77d522111c6bc5c7e084ca 1071428 libjxl-tools_0.7.0-10+deb12u1_amd64.deb
 533e763fb67459c89d4fc926d6d500869e758aca 24606452 libjxl0.7-dbgsym_0.7.0-10+deb12u1_amd64.deb
 17573c002b732c8f4135528f4d116c2a6a2b2bb3 1045736 libjxl0.7_0.7.0-10+deb12u1_amd64.deb
Checksums-Sha256:
 09b6de7b807a8201e0bf8b64d535b1d0282c36e70461072199f5bb6bf8934864 14555 jpeg-xl_0.7.0-10+deb12u1_amd64-buildd.buildinfo
 22c0c53e9743956007f10b1cccde4f601c000411841c85794088a878fb6e8d74 9882016 libjpegxl-java-dbgsym_0.7.0-10+deb12u1_amd64.deb
 c7e1d3ca192895a909991c939e079c219fac554e527945916cc417f7d5e707f4 454480 libjpegxl-java_0.7.0-10+deb12u1_amd64.deb
 687722948fa18c8e259d04b47ce7e137861e34dbd902e0810b633997bd67dc98 49640 libjxl-dev_0.7.0-10+deb12u1_amd64.deb
 b595a83f5f8bf89d49aea0df2c0623ca58edd3e1ad3f9e220716ce3c76d81a7c 280855960 libjxl-devtools-dbgsym_0.7.0-10+deb12u1_amd64.deb
 2407e821f47b183f75fa55d83cfcdf24e8892aae9e79d50f547db994bedc293f 3946188 libjxl-devtools_0.7.0-10+deb12u1_amd64.deb
 1173985adb992655cc62eafa3f06c2ebeb0f0bd40829ab73595939e2ab222199 27008428 libjxl-tools-dbgsym_0.7.0-10+deb12u1_amd64.deb
 b65e3e74970676b93518c999ab2ea7b5030face7a2f983b472c466775794ccb3 1071428 libjxl-tools_0.7.0-10+deb12u1_amd64.deb
 2bd4235bd76c3758622f3fe1a73b53eba23006e086bbb4596c506bea4bc5edac 24606452 libjxl0.7-dbgsym_0.7.0-10+deb12u1_amd64.deb
 19e747c8b509af924d5d2b1602e9eb68ff60a93576e07e0dfd55ca1f857fdf65 1045736 libjxl0.7_0.7.0-10+deb12u1_amd64.deb
Files:
 3957df2aa219050a200d0f3d10fbc5cd 14555 graphics optional jpeg-xl_0.7.0-10+deb12u1_amd64-buildd.buildinfo
 90c71981b049c67f41aed68fcc39008b 9882016 debug optional libjpegxl-java-dbgsym_0.7.0-10+deb12u1_amd64.deb
 a99fc066880fb053171baf2a5877673c 454480 java optional libjpegxl-java_0.7.0-10+deb12u1_amd64.deb
 e0f3ec34a790617c8771e218976c175d 49640 libdevel optional libjxl-dev_0.7.0-10+deb12u1_amd64.deb
 6d8b2bfaf31667c0acfb74de5c1499cf 280855960 debug optional libjxl-devtools-dbgsym_0.7.0-10+deb12u1_amd64.deb
 b3dcf5908efc343fafdcc1f0eb13c3c5 3946188 utils optional libjxl-devtools_0.7.0-10+deb12u1_amd64.deb
 ff7b90193a497b79349a37b6792282a6 27008428 debug optional libjxl-tools-dbgsym_0.7.0-10+deb12u1_amd64.deb
 f94538be76b2fa7972734be38bdb4aa5 1071428 utils optional libjxl-tools_0.7.0-10+deb12u1_amd64.deb
 c6e9851b954b50d20eef23335c6e1869 24606452 debug optional libjxl0.7-dbgsym_0.7.0-10+deb12u1_amd64.deb
 cbd88a6c462e75b468530cdbc77913ac 1045736 libs optional libjxl0.7_0.7.0-10+deb12u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEnw0rdzqckKx6dwRTEbCLukZn24oFAmhmWfoACgkQEbCLukZn
24oyQQ//ZOPHnNBsV7spODttV0rOp6+BgEUUOiA81iNWex3+0qQCDZbdwBie/Yzp
Ecy5Ic1eYoLZdAVrHRXxYXeggoNY64ZU9zHWhnObYFidMOWJNHHW8q2ZG1ZWP0io
C/DW5zFXiWhGx581wA5FHOadE2qcV0KS+WKjJjrIgxwEUmfCJMImf8ijmtSrSL1n
7TgNMPYNd9qNlY7MwdEIOCgSd+QfoE8m0UV9ZRMUC5eFReqyCpluO8g0D/qXCAVz
rixyKudcp7V/9mgUDEpAhmZbePeeZ681/LcPxFrEuKZ9SCJnAaWUvopbPxFLx4RP
59jm+nFkR/d6a0tGKENjqWAY9pFznIpaKWyHoMUB4fHPEXiChvUZsrBCOu8ZePhT
6ZozsEJrvh4SP8fhEdSCq4vKAsYNyZd7fsbCafFiqthD1WvE3rzFpeMT62Y5xFbO
5D1oIfrgcwMBAJQD7z+vqD9GLPiKSGyDrWkFzT1ZGbYyghq3XM+T2totyWKFLFCO
8Rl5N2mVOAozULl3QRHgUHFV14Toma75V5zbIsS+2FFYPhq1fEKEIDm/QQ2DmSdA
9r5Xt4FjBD/dguutZ7QDnMku17bs65dHvr+4Dz6kXTidQlN8pPgTFUstgGFJpHrn
Ow+bhuFg/Km4cUzG/lEloeInivE3tbahC6/3iwiPumxu49pbl0U=
=Hih5
-----END PGP SIGNATURE-----