Information on source package djvulibre

Available versions

Release	Version
jessie	3.5.25.4-4
jessie (security)	3.5.25.4-4+deb8u2
stretch	3.5.27.1-7
buster	3.5.27.1-10
bullseye	3.5.27.1-14
sid	3.5.27.1-14

Open issues

Bug	jessie	stretch	buster	bullseye	sid	Description
CVE-2019-18804	fixed	vulnerable (no DSA)	vulnerable (no DSA)	fixed	fixed	DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU:: ...
CVE-2019-15145	fixed	vulnerable (no DSA)	vulnerable (no DSA)	fixed	fixed	DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack ...
CVE-2019-15144	fixed	vulnerable (no DSA)	vulnerable (no DSA)	fixed	fixed	In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate< ...
CVE-2019-15143	fixed	vulnerable (no DSA)	vulnerable (no DSA)	fixed	fixed	In DjVuLibre 3.5.27, the bitmap reader component allows attackers to c ...
CVE-2019-15142	fixed	vulnerable (no DSA)	vulnerable (no DSA)	fixed	fixed	In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows a ...

Open unimportant issues

Bug	jessie	stretch	buster	bullseye	sid	Description
TEMP-0775193-7F000E	vulnerable	fixed	fixed	fixed	fixed	djvudigital: insecure use of /tmp

Resolved issues

Bug	Description
CVE-2012-6535	DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDr ...

Security announcements

DSA / DLA	Description
DLA-1985-1	djvulibre - security update
DLA-1902-1	djvulibre - security update
DSA-2844-1	djvulibre - arbitrary code execution