-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 03 Jul 2025 16:06:10 +0800 Source: jpeg-xl Binary: libjpegxl-java libjpegxl-java-dbgsym libjxl-dev libjxl-devtools libjxl-devtools-dbgsym libjxl-tools libjxl-tools-dbgsym libjxl0.7 libjxl0.7-dbgsym Architecture: i386 Version: 0.7.0-10+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) Changed-By: Aron Xu Description: libjpegxl-java - JPEG XL Image Coding System - "JXL" (java bindings) libjxl-dev - JPEG XL Image Coding System - "JXL" (development files) libjxl-devtools - JPEG XL Image Coding System - "JXL" (dev command line utility) libjxl-tools - JPEG XL Image Coding System - "JXL" (command line utility) libjxl0.7 - JPEG XL Image Coding System - "JXL" (shared libraries) Closes: 1034722 1055306 1088818 Changes: jpeg-xl (0.7.0-10+deb12u1) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2023-0645: out of bounds read in the exif handler (Closes: #1034722) * CVE-2023-35790: integer underflow in patch decoding can lead to a denial of service issue. (Closes: #1055306) * CVE-2024-11403: out-of-bounds write in the JPEG decoder when doing recompression. (Closes: #1088818) * CVE-2024-11498: stack buffer overflow in modular trees (Closes: #1088818) Checksums-Sha1: 7b911c682a6efd51313831859eb84656e3a6df04 14340 jpeg-xl_0.7.0-10+deb12u1_i386-buildd.buildinfo 32603403096177b966e99b40a32f6e16222b8095 8342780 libjpegxl-java-dbgsym_0.7.0-10+deb12u1_i386.deb 8317cd72396d33a206a2c0c55b3ddca3c9ab062a 400312 libjpegxl-java_0.7.0-10+deb12u1_i386.deb 33a3d91b39601de8542f75fef7aee99470774e3e 49628 libjxl-dev_0.7.0-10+deb12u1_i386.deb 5396798eaf925d184679786587290c8b3fd11c5d 237636196 libjxl-devtools-dbgsym_0.7.0-10+deb12u1_i386.deb 37bb52ea509c46ec4ffa3083d118892e57c8b1e7 3254468 libjxl-devtools_0.7.0-10+deb12u1_i386.deb 4401776f84b380814c52cb128fcb24acddd7792b 23053468 libjxl-tools-dbgsym_0.7.0-10+deb12u1_i386.deb 59cfe01ef4d4da4fc3d55c37b182c07b677bca16 926384 libjxl-tools_0.7.0-10+deb12u1_i386.deb c9c5cad5a3ecc74801a4044e96672a393c564896 20095024 libjxl0.7-dbgsym_0.7.0-10+deb12u1_i386.deb 2a1ed4267cd73d26f7c05312da95322b1cfc031c 865248 libjxl0.7_0.7.0-10+deb12u1_i386.deb Checksums-Sha256: a56f2edfc686e9d89d79b56195665d0b22580c8dcc0c73a0b98d3201961ac6f1 14340 jpeg-xl_0.7.0-10+deb12u1_i386-buildd.buildinfo a53512bc405f85bc361ea20e233bc475d03cc498bb18b59abd734ce0a6dd3f22 8342780 libjpegxl-java-dbgsym_0.7.0-10+deb12u1_i386.deb 5f8787aa5005b6812e1576f9ae17b98250adcf98a9cce21aca12006cd789be93 400312 libjpegxl-java_0.7.0-10+deb12u1_i386.deb 6d9ff88f5842393547b1d48904f2a3b02f22d81b6babf96f7aaab251777967f0 49628 libjxl-dev_0.7.0-10+deb12u1_i386.deb 7164bc3d8628220ae6e1921079ad2dd17e03c143b9e44a2a714c6e6ac0fac9a0 237636196 libjxl-devtools-dbgsym_0.7.0-10+deb12u1_i386.deb ee88caf32afae8ae584146ad064108d5a7d5d34ee571e18d21d40d0e2b1e15a1 3254468 libjxl-devtools_0.7.0-10+deb12u1_i386.deb 65805ec12171886815952b28626cf9ae3fe81f4c8f07ad2f8d191614983c2a6c 23053468 libjxl-tools-dbgsym_0.7.0-10+deb12u1_i386.deb 714b7711ab4a1f5dd7bce494e1402bcbbc53012ab09ef7af230029ae9de95e24 926384 libjxl-tools_0.7.0-10+deb12u1_i386.deb 892960722c27b2574b8689391cbb9f8853779d5c8c0e71a825a1973ca161058e 20095024 libjxl0.7-dbgsym_0.7.0-10+deb12u1_i386.deb f9296e56ca5ba43dba5b40e693965ca11e31dbae3eb7cda5924be836562703c9 865248 libjxl0.7_0.7.0-10+deb12u1_i386.deb Files: 81867748b4486526734a17eb5334e68e 14340 graphics optional jpeg-xl_0.7.0-10+deb12u1_i386-buildd.buildinfo d019fc7f9650716bf476eb000e66d0e1 8342780 debug optional libjpegxl-java-dbgsym_0.7.0-10+deb12u1_i386.deb 1579fa032fa1150ca98331c3da8a60eb 400312 java optional libjpegxl-java_0.7.0-10+deb12u1_i386.deb 750de458a5908ae5a687215ebf4108bb 49628 libdevel optional libjxl-dev_0.7.0-10+deb12u1_i386.deb d1e147a73c3c42d947cd9d5baa32e9ac 237636196 debug optional libjxl-devtools-dbgsym_0.7.0-10+deb12u1_i386.deb 4e98309f60b62437fdd0060fde4d4359 3254468 utils optional libjxl-devtools_0.7.0-10+deb12u1_i386.deb 5b000cd4620e4bf228514a041781ffbb 23053468 debug optional libjxl-tools-dbgsym_0.7.0-10+deb12u1_i386.deb fe926881e1fa5b729f44d0d38ab64f85 926384 utils optional libjxl-tools_0.7.0-10+deb12u1_i386.deb a1a82c8aa62801b7bda17fcae8ac6131 20095024 debug optional libjxl0.7-dbgsym_0.7.0-10+deb12u1_i386.deb 814b7ae0ef9288be713d7bb918cf2d9c 865248 libs optional libjxl0.7_0.7.0-10+deb12u1_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEaPzFtKPtF0JrKPV5iZlfn74WV6kFAmhmXEYACgkQiZlfn74W V6luFRAAlEcnd81nnh3+NhHAgvw/cnJnLctsisYOQaxKPozbrwM4qEmP1M2b8twL ao4JKkhnIuxnb4W5/mB4jvaqdTNDEO1OsqP8shzwiVdMr/4Zith6g2+5KQBnIj4p Xs6vBibfpq4QthFtSGHN1iwlVzN7fyN1UJfIm4JZbn1wU7U742WE02z/zyAKw7Oq e7bOwK3Xi/GVkXYQ+0xJIaiweNRLvx34FFKoTNOIhskfXgra0PpqZT15V6L9grWi mN+0o0Ks2vKfGh+GBY2s5HMJhrCD7rXR+1rM3uqSDRo+24CBnGJDEfDUGahBWY/m jehqEMIsTVlD1gFY1x2pWOlW8iELkFzDCqWslZegoIKD8U/sznyp1VdglIrqmwiD dkYy65Ionk+aZjYRP7zusI5MFQpPiC2Jy/xLzVqUQ7DsRc4d6OV325pvPJbE/u/m zcAlFvauxRzErhmOPDJ2c8vQjsz4u8nldd1m+8cnR4QCNOyapKodhaSOzuWf2zks XOXza7I7OD2yjy9BrgOafi5CpgZLRxLX91F2SD31/Ei7Ah9yf76sv/MYt0LfmfPE Xo0ySlYZy9zuODKRFPSOYuGUd27OBTWjr585NHJN9ewYZmHoSnUA3xQs1uQFbIGh dsJdvx778jlvfadePSzD6LEZCh2xKlGug/5A/wd/4GfW1dDZko4= =JHse -----END PGP SIGNATURE-----