-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 03 Jul 2025 16:06:10 +0800 Source: jpeg-xl Binary: libjpegxl-java libjpegxl-java-dbgsym libjxl-dev libjxl-devtools libjxl-devtools-dbgsym libjxl-tools libjxl-tools-dbgsym libjxl0.7 libjxl0.7-dbgsym Architecture: amd64 Version: 0.7.0-10+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: amd64 / i386 Build Daemon (x86-ubc-01) Changed-By: Aron Xu Description: libjpegxl-java - JPEG XL Image Coding System - "JXL" (java bindings) libjxl-dev - JPEG XL Image Coding System - "JXL" (development files) libjxl-devtools - JPEG XL Image Coding System - "JXL" (dev command line utility) libjxl-tools - JPEG XL Image Coding System - "JXL" (command line utility) libjxl0.7 - JPEG XL Image Coding System - "JXL" (shared libraries) Closes: 1034722 1055306 1088818 Changes: jpeg-xl (0.7.0-10+deb12u1) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2023-0645: out of bounds read in the exif handler (Closes: #1034722) * CVE-2023-35790: integer underflow in patch decoding can lead to a denial of service issue. (Closes: #1055306) * CVE-2024-11403: out-of-bounds write in the JPEG decoder when doing recompression. (Closes: #1088818) * CVE-2024-11498: stack buffer overflow in modular trees (Closes: #1088818) Checksums-Sha1: 9fe52657dd8e546c20600744359c4ebce9fac2a7 14555 jpeg-xl_0.7.0-10+deb12u1_amd64-buildd.buildinfo b5bc5addfe04bfe72e79a579063669d877a9210a 9882016 libjpegxl-java-dbgsym_0.7.0-10+deb12u1_amd64.deb 2793593a76f1bf767e111a3efb39f1385957a1da 454480 libjpegxl-java_0.7.0-10+deb12u1_amd64.deb 5e3ebb99ab248cea9bc9399fb4907493761468e9 49640 libjxl-dev_0.7.0-10+deb12u1_amd64.deb 3505af6e8ab32792739e83ca241fcef72569ed4c 280855960 libjxl-devtools-dbgsym_0.7.0-10+deb12u1_amd64.deb a797496ed542483916dcb8571a359d9acd4d03c2 3946188 libjxl-devtools_0.7.0-10+deb12u1_amd64.deb c1797c2c9c6313d59468660b7874b297af209383 27008428 libjxl-tools-dbgsym_0.7.0-10+deb12u1_amd64.deb c611cb59f6c816847d77d522111c6bc5c7e084ca 1071428 libjxl-tools_0.7.0-10+deb12u1_amd64.deb 533e763fb67459c89d4fc926d6d500869e758aca 24606452 libjxl0.7-dbgsym_0.7.0-10+deb12u1_amd64.deb 17573c002b732c8f4135528f4d116c2a6a2b2bb3 1045736 libjxl0.7_0.7.0-10+deb12u1_amd64.deb Checksums-Sha256: 09b6de7b807a8201e0bf8b64d535b1d0282c36e70461072199f5bb6bf8934864 14555 jpeg-xl_0.7.0-10+deb12u1_amd64-buildd.buildinfo 22c0c53e9743956007f10b1cccde4f601c000411841c85794088a878fb6e8d74 9882016 libjpegxl-java-dbgsym_0.7.0-10+deb12u1_amd64.deb c7e1d3ca192895a909991c939e079c219fac554e527945916cc417f7d5e707f4 454480 libjpegxl-java_0.7.0-10+deb12u1_amd64.deb 687722948fa18c8e259d04b47ce7e137861e34dbd902e0810b633997bd67dc98 49640 libjxl-dev_0.7.0-10+deb12u1_amd64.deb b595a83f5f8bf89d49aea0df2c0623ca58edd3e1ad3f9e220716ce3c76d81a7c 280855960 libjxl-devtools-dbgsym_0.7.0-10+deb12u1_amd64.deb 2407e821f47b183f75fa55d83cfcdf24e8892aae9e79d50f547db994bedc293f 3946188 libjxl-devtools_0.7.0-10+deb12u1_amd64.deb 1173985adb992655cc62eafa3f06c2ebeb0f0bd40829ab73595939e2ab222199 27008428 libjxl-tools-dbgsym_0.7.0-10+deb12u1_amd64.deb b65e3e74970676b93518c999ab2ea7b5030face7a2f983b472c466775794ccb3 1071428 libjxl-tools_0.7.0-10+deb12u1_amd64.deb 2bd4235bd76c3758622f3fe1a73b53eba23006e086bbb4596c506bea4bc5edac 24606452 libjxl0.7-dbgsym_0.7.0-10+deb12u1_amd64.deb 19e747c8b509af924d5d2b1602e9eb68ff60a93576e07e0dfd55ca1f857fdf65 1045736 libjxl0.7_0.7.0-10+deb12u1_amd64.deb Files: 3957df2aa219050a200d0f3d10fbc5cd 14555 graphics optional jpeg-xl_0.7.0-10+deb12u1_amd64-buildd.buildinfo 90c71981b049c67f41aed68fcc39008b 9882016 debug optional libjpegxl-java-dbgsym_0.7.0-10+deb12u1_amd64.deb a99fc066880fb053171baf2a5877673c 454480 java optional libjpegxl-java_0.7.0-10+deb12u1_amd64.deb e0f3ec34a790617c8771e218976c175d 49640 libdevel optional libjxl-dev_0.7.0-10+deb12u1_amd64.deb 6d8b2bfaf31667c0acfb74de5c1499cf 280855960 debug optional libjxl-devtools-dbgsym_0.7.0-10+deb12u1_amd64.deb b3dcf5908efc343fafdcc1f0eb13c3c5 3946188 utils optional libjxl-devtools_0.7.0-10+deb12u1_amd64.deb ff7b90193a497b79349a37b6792282a6 27008428 debug optional libjxl-tools-dbgsym_0.7.0-10+deb12u1_amd64.deb f94538be76b2fa7972734be38bdb4aa5 1071428 utils optional libjxl-tools_0.7.0-10+deb12u1_amd64.deb c6e9851b954b50d20eef23335c6e1869 24606452 debug optional libjxl0.7-dbgsym_0.7.0-10+deb12u1_amd64.deb cbd88a6c462e75b468530cdbc77913ac 1045736 libs optional libjxl0.7_0.7.0-10+deb12u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEnw0rdzqckKx6dwRTEbCLukZn24oFAmhmWfoACgkQEbCLukZn 24oyQQ//ZOPHnNBsV7spODttV0rOp6+BgEUUOiA81iNWex3+0qQCDZbdwBie/Yzp Ecy5Ic1eYoLZdAVrHRXxYXeggoNY64ZU9zHWhnObYFidMOWJNHHW8q2ZG1ZWP0io C/DW5zFXiWhGx581wA5FHOadE2qcV0KS+WKjJjrIgxwEUmfCJMImf8ijmtSrSL1n 7TgNMPYNd9qNlY7MwdEIOCgSd+QfoE8m0UV9ZRMUC5eFReqyCpluO8g0D/qXCAVz rixyKudcp7V/9mgUDEpAhmZbePeeZ681/LcPxFrEuKZ9SCJnAaWUvopbPxFLx4RP 59jm+nFkR/d6a0tGKENjqWAY9pFznIpaKWyHoMUB4fHPEXiChvUZsrBCOu8ZePhT 6ZozsEJrvh4SP8fhEdSCq4vKAsYNyZd7fsbCafFiqthD1WvE3rzFpeMT62Y5xFbO 5D1oIfrgcwMBAJQD7z+vqD9GLPiKSGyDrWkFzT1ZGbYyghq3XM+T2totyWKFLFCO 8Rl5N2mVOAozULl3QRHgUHFV14Toma75V5zbIsS+2FFYPhq1fEKEIDm/QQ2DmSdA 9r5Xt4FjBD/dguutZ7QDnMku17bs65dHvr+4Dz6kXTidQlN8pPgTFUstgGFJpHrn Ow+bhuFg/Km4cUzG/lEloeInivE3tbahC6/3iwiPumxu49pbl0U= =Hih5 -----END PGP SIGNATURE-----