-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 03 Jul 2025 16:06:10 +0800 Source: jpeg-xl Binary: libjpegxl-java libjpegxl-java-dbgsym libjxl-dev libjxl-devtools libjxl-devtools-dbgsym libjxl-tools libjxl-tools-dbgsym libjxl0.7 libjxl0.7-dbgsym Architecture: arm64 Version: 0.7.0-10+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: arm Build Daemon (arm-conova-03) Changed-By: Aron Xu Description: libjpegxl-java - JPEG XL Image Coding System - "JXL" (java bindings) libjxl-dev - JPEG XL Image Coding System - "JXL" (development files) libjxl-devtools - JPEG XL Image Coding System - "JXL" (dev command line utility) libjxl-tools - JPEG XL Image Coding System - "JXL" (command line utility) libjxl0.7 - JPEG XL Image Coding System - "JXL" (shared libraries) Closes: 1034722 1055306 1088818 Changes: jpeg-xl (0.7.0-10+deb12u1) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2023-0645: out of bounds read in the exif handler (Closes: #1034722) * CVE-2023-35790: integer underflow in patch decoding can lead to a denial of service issue. (Closes: #1055306) * CVE-2024-11403: out-of-bounds write in the JPEG decoder when doing recompression. (Closes: #1088818) * CVE-2024-11498: stack buffer overflow in modular trees (Closes: #1088818) Checksums-Sha1: 4c240944881102705c8c36b7b278c63873d72e44 14409 jpeg-xl_0.7.0-10+deb12u1_arm64-buildd.buildinfo 5790995adb8a40f2078337455ddeb5369b4517c0 7352016 libjpegxl-java-dbgsym_0.7.0-10+deb12u1_arm64.deb a8e0de0e9835f25e818e2356505cc91e181d10dc 300908 libjpegxl-java_0.7.0-10+deb12u1_arm64.deb bb24eabad5bce29c8e8f9d8b5b289976d63a8a7e 49632 libjxl-dev_0.7.0-10+deb12u1_arm64.deb cf00c3987192c3d39cb08c903737513be4170477 212481872 libjxl-devtools-dbgsym_0.7.0-10+deb12u1_arm64.deb 727ff8279724f939f2b7fd7d0e940a7e0e048751 1928644 libjxl-devtools_0.7.0-10+deb12u1_arm64.deb 3c37645d52994916394e1b4eb1de51591a0acf33 20751316 libjxl-tools-dbgsym_0.7.0-10+deb12u1_arm64.deb b3680cb34080100286533224073fa9986d06894a 706660 libjxl-tools_0.7.0-10+deb12u1_arm64.deb 1d39dcf52be2a394ae949bc3df9b609c8e7d5149 17508776 libjxl0.7-dbgsym_0.7.0-10+deb12u1_arm64.deb 1375fb73511b741ea50cf0defdb78f8eb350c89f 643892 libjxl0.7_0.7.0-10+deb12u1_arm64.deb Checksums-Sha256: a51ee748ed18110052c4496baea1d70b861405a5e8a8c4028995998445ae4b8e 14409 jpeg-xl_0.7.0-10+deb12u1_arm64-buildd.buildinfo bde7d3363b95bc693fcdbe61504ef425fbbd08c2d70dc6b5da241e3fa6bff149 7352016 libjpegxl-java-dbgsym_0.7.0-10+deb12u1_arm64.deb 8fb4703fc412b0be0db3a5dc62087cb8e207e9ba2872169bcd7546865cec601b 300908 libjpegxl-java_0.7.0-10+deb12u1_arm64.deb 67f26e54cd109661d0431623f1d028be335fd347cb40e3b5858298918b35e26f 49632 libjxl-dev_0.7.0-10+deb12u1_arm64.deb ead9b532374bb366b0a19187f18ec09dd0e654fe9e4ad776e0d433b0587300ea 212481872 libjxl-devtools-dbgsym_0.7.0-10+deb12u1_arm64.deb 8faa16e5f3c17a814c57c2484156dcfdf32fd790016bc6f098694d60fc84f99e 1928644 libjxl-devtools_0.7.0-10+deb12u1_arm64.deb d0108deb90cbce0a35dd8d8d916ff907de5cc7ec3066673f8cf02eeb7582ef37 20751316 libjxl-tools-dbgsym_0.7.0-10+deb12u1_arm64.deb 8c32f6a6d0b944075f61c766b7eace7e1d8c9b1aefa388e89b8fcae63b6e2cb8 706660 libjxl-tools_0.7.0-10+deb12u1_arm64.deb 1804fcff54c8b712edfe2febc4e41026acd4c144145b58cd147cbe61bc124e00 17508776 libjxl0.7-dbgsym_0.7.0-10+deb12u1_arm64.deb fc46d9d24c22e16726cc0fe131f52c4b3cc08db7ba408ef15173841bd3933f2e 643892 libjxl0.7_0.7.0-10+deb12u1_arm64.deb Files: c42bd8df8f818c69966975eeb7551a91 14409 graphics optional jpeg-xl_0.7.0-10+deb12u1_arm64-buildd.buildinfo 1cfb3d84273d35b6051f4a067400f139 7352016 debug optional libjpegxl-java-dbgsym_0.7.0-10+deb12u1_arm64.deb 1dc20e9b33e527f6cc923d5f27f18063 300908 java optional libjpegxl-java_0.7.0-10+deb12u1_arm64.deb 92dd6a6eb4aa506850349df6cafc6a37 49632 libdevel optional libjxl-dev_0.7.0-10+deb12u1_arm64.deb 67da65149c72c8c88edfbe725e526b0c 212481872 debug optional libjxl-devtools-dbgsym_0.7.0-10+deb12u1_arm64.deb 78d5fdd8a60ae4f92d52434a01135cb0 1928644 utils optional libjxl-devtools_0.7.0-10+deb12u1_arm64.deb c37fb169c5a55637f54dad5e9bcc60bc 20751316 debug optional libjxl-tools-dbgsym_0.7.0-10+deb12u1_arm64.deb 33402ef85daf59eea107dcc5c6838ffb 706660 utils optional libjxl-tools_0.7.0-10+deb12u1_arm64.deb c3a6de93d70288a44cfd283d6d5fbbe5 17508776 debug optional libjxl0.7-dbgsym_0.7.0-10+deb12u1_arm64.deb d26e4719a9545586148b54a68bdb71e4 643892 libs optional libjxl0.7_0.7.0-10+deb12u1_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEVM4SKBZumztS8zr3lST9Us03ywsFAmhmWoAACgkQlST9Us03 ywulOg/+PY3FT3SyYxuvQ6qJovzqd0xoNLOnGj5QJY1OaIu3Y6xJUKxKKl3EGa35 Yi92UU4zqLmETHTivYbfGIwDf3xA/1MaUmYT4mnHmIk1GAYPWyC4gHCZkJjpg3p1 SfWZ2QFLaT5xTQQ3dsspIQv3XuFBSIe3XW9iE/oNKacZLCEeZv2RoHl2ntfijhfu lt6t3aBCfNbOva+z7BjjzfWAwdUIMY80FFTTbQI5Jk1bC9XDC/yaqspz7RSGW9UF uZCOpNUULOZpvGqE9h5FflNgZXxTm88/np3ZTllRsYuIdnJDHvjUqCaEuCBCIewI kbdgf/odtwj2yHSKT5V/vqM/REKrQlDmwe4zRCb1C0HkPUkebZeiL/7FEDRCIJwk rqphC6wRHebYamobg7d7T1F/BRyr4vgNhzO+VWJc0SQQxPLAf2+T+OVzJu5U2tEq 3YQjEEG+Gr0k4ABF+3pSj8xaj2LQC5yNTLs0nEYk+6bGvybmNbD3fX/lQoQoqule bvzmR7zxBhDUBf7x9yd2TyXEWTw6UqG/MrjXPo+Xi9Gr1iPB3uaGzztWM2mN9TjJ iuDFkwB6ORLmtu3muqUDqjGbnA+b2vLG5CQbsiYGqdMLB6HRibl7Dt4xZQQmzCl3 a8YLcW1mv+bczrAQRJG4hq08wISe4BgN/5aH4hk4UjFxkS5vPCc= =CmUa -----END PGP SIGNATURE-----