-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 03 Jul 2025 16:06:10 +0800 Source: jpeg-xl Binary: libjpegxl-java libjpegxl-java-dbgsym libjxl-dev libjxl-devtools libjxl-devtools-dbgsym libjxl-tools libjxl-tools-dbgsym libjxl0.7 libjxl0.7-dbgsym Architecture: armel Version: 0.7.0-10+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: arm Build Daemon (arm-ubc-01) Changed-By: Aron Xu Description: libjpegxl-java - JPEG XL Image Coding System - "JXL" (java bindings) libjxl-dev - JPEG XL Image Coding System - "JXL" (development files) libjxl-devtools - JPEG XL Image Coding System - "JXL" (dev command line utility) libjxl-tools - JPEG XL Image Coding System - "JXL" (command line utility) libjxl0.7 - JPEG XL Image Coding System - "JXL" (shared libraries) Closes: 1034722 1055306 1088818 Changes: jpeg-xl (0.7.0-10+deb12u1) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2023-0645: out of bounds read in the exif handler (Closes: #1034722) * CVE-2023-35790: integer underflow in patch decoding can lead to a denial of service issue. (Closes: #1055306) * CVE-2024-11403: out-of-bounds write in the JPEG decoder when doing recompression. (Closes: #1088818) * CVE-2024-11498: stack buffer overflow in modular trees (Closes: #1088818) Checksums-Sha1: b7b42669bdb7167ef818d4b7b5996f991a7d412e 14251 jpeg-xl_0.7.0-10+deb12u1_armel-buildd.buildinfo 9bd70e984585071717c9a345ba24597c823a657e 7128744 libjpegxl-java-dbgsym_0.7.0-10+deb12u1_armel.deb b3c1264656f95f9c6db279c7f3cc498cb69a9b32 306280 libjpegxl-java_0.7.0-10+deb12u1_armel.deb 5543288b3b0791726d7c654cfc7e0cf26d211027 49632 libjxl-dev_0.7.0-10+deb12u1_armel.deb 2ce76d48628068e123f9969d8ce34c19efc338a5 204230348 libjxl-devtools-dbgsym_0.7.0-10+deb12u1_armel.deb 38988e43f35088eae6aed1551a742431ae6c1226 1886512 libjxl-devtools_0.7.0-10+deb12u1_armel.deb 89ba58680c797c4bc78e0d7e5b3e9b972247c4da 20015496 libjxl-tools-dbgsym_0.7.0-10+deb12u1_armel.deb 988d9490a9e60aa024fccc49fd20f8bdfbdf0024 711036 libjxl-tools_0.7.0-10+deb12u1_armel.deb 3a31d83fc60f973d0c82a8169dd7ef2e8d41a10b 16298112 libjxl0.7-dbgsym_0.7.0-10+deb12u1_armel.deb 938e06c7998f0dc33e368bfcfda3d58f23442180 649832 libjxl0.7_0.7.0-10+deb12u1_armel.deb Checksums-Sha256: ad0f2839e2c85a8edb67fd395ea8a62a9fcf19ef0e938923aa70373cbc21107f 14251 jpeg-xl_0.7.0-10+deb12u1_armel-buildd.buildinfo 9686a26bd650b0714dd8206655cfb40e0408bb2b892699e0ea4bf03b1ba2584f 7128744 libjpegxl-java-dbgsym_0.7.0-10+deb12u1_armel.deb 1d7329321c84e741739259134c5a0222e3f8d68d084be94d4292050447bc2f0e 306280 libjpegxl-java_0.7.0-10+deb12u1_armel.deb d5eb5504d618051b5ff9d89287294ef126eb0d0d16b2a45ed9eeeccf2eca2a5a 49632 libjxl-dev_0.7.0-10+deb12u1_armel.deb 9af91fae8f49b970789941f7e1bb59b66ad537e78d8fb8a71199be793dd943f5 204230348 libjxl-devtools-dbgsym_0.7.0-10+deb12u1_armel.deb a586293a0b35be4fc36416ba2eaa5d9c1b549502b5716fbed77fce45d373bb4e 1886512 libjxl-devtools_0.7.0-10+deb12u1_armel.deb 1d90ec55d130d7b61c64dbce1e1fbdf3327c587ba21654c4ca8ea4b2efb02b40 20015496 libjxl-tools-dbgsym_0.7.0-10+deb12u1_armel.deb efc6ac009d302152b73a97c90380534556be057e2d83c8a38e4f2cd11ae30b5e 711036 libjxl-tools_0.7.0-10+deb12u1_armel.deb 0e61f93a690cccf739a6d7346641ffc6eea1762940d0499f7d189c1e09dff731 16298112 libjxl0.7-dbgsym_0.7.0-10+deb12u1_armel.deb 8ed72806522d32b7f0e445f2575dcecf0f07578bc3a82098acf5d0342519098d 649832 libjxl0.7_0.7.0-10+deb12u1_armel.deb Files: 11e3a064aceb5015c7a0abb3049361eb 14251 graphics optional jpeg-xl_0.7.0-10+deb12u1_armel-buildd.buildinfo 7e8c2a7566bb972ff8c6a2bad64a9f67 7128744 debug optional libjpegxl-java-dbgsym_0.7.0-10+deb12u1_armel.deb c9ebe90fdd5a390090e12c0832ea88ee 306280 java optional libjpegxl-java_0.7.0-10+deb12u1_armel.deb 42aac23047d5dcfd95f17ea8a29c6e8e 49632 libdevel optional libjxl-dev_0.7.0-10+deb12u1_armel.deb f89c6e9bb6866ea34ef6b5308e79c06d 204230348 debug optional libjxl-devtools-dbgsym_0.7.0-10+deb12u1_armel.deb f587d2c35195c54b375b37246b933fd2 1886512 utils optional libjxl-devtools_0.7.0-10+deb12u1_armel.deb c19edb77a649d3551363c54ee3e6921a 20015496 debug optional libjxl-tools-dbgsym_0.7.0-10+deb12u1_armel.deb dc65ea6bfbdf304881689bceb44bdcb8 711036 utils optional libjxl-tools_0.7.0-10+deb12u1_armel.deb d5581e6a2e86bc3b6431b210da8899fc 16298112 debug optional libjxl0.7-dbgsym_0.7.0-10+deb12u1_armel.deb d46f32bc78fddc5831d88c46e3d76ffc 649832 libs optional libjxl0.7_0.7.0-10+deb12u1_armel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEq41qkgEcGaML+/CnCr/D/stJkDwFAmhmexUACgkQCr/D/stJ kDx6VQ//XFTx4Q6zQYocB5ITg7i95u/pKcM6KBjrRJ431WKn1V0VNT5jC4aktySK o7hpJ8zVYvnH1v0cbLhDMBFljm8vsPik2PsFto6RKnkC+l19N7Ehqf7hUucw9Ybt mmSR/Q6gy3JEwahLCgC6GGyFlY1oCyNbiQnZn2FMm2slT/gtDlsl7dXXejS57ahE wqpr68jQEsU7Cjvy45+tfHU3dHOaPuYzB4cAy6mQWU2U0Tqmjc/AYMx3ffG0RZ/E 4VfgvoktE4T6EoPUqch2q5iRM6O1zSd+R/9gPgL2gzShUgcW6twVQ0giIKwIsLhA YLxGp78xNFahJZ+RngR1mSafpxiGuwcrpNf858VngbshGPMg162+1Z6jYHcj+g6a Nma2nuSNIh0xiiJ8rl5Jlfct15susDV7/xGkF61eSUDVConFVakBRmmg4U4yiuTe FuEncz+zO5ijXuqNXXq9A9s3OudRsstNYpTPWYRfoEw2wPT2D/ww6VRGSmLtt4ha c9ofy4T/GXifaPp9o50+QqGI523FI4vJjcRdgJsKLHgRY3VInh0U4Z5YG6CShFvg uy7oj7zBmMZS3uH6GieV263Q1hv7ooYyaBoPrbt5st+CQ9b2clNkubwCVAifBoOE GkjWSuxsjoCy661ZHzUy6rnsB5qQk1eVC7J4C8mirerORdJ8YWE= =55nK -----END PGP SIGNATURE-----