-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 03 Jul 2025 16:06:10 +0800
Source: jpeg-xl
Binary: jpeg-xl-doc
Architecture: all
Version: 0.7.0-10+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: all Build Daemon (x86-grnet-02) <buildd_all-x86-grnet-02@buildd.debian.org>
Changed-By: Aron Xu <aron@debian.org>
Description:
 jpeg-xl-doc - JPEG XL Image Coding System - "JXL" (documentation)
Closes: 1034722 1055306 1088818
Changes:
 jpeg-xl (0.7.0-10+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2023-0645: out of bounds read in the exif handler (Closes: #1034722)
   * CVE-2023-35790: integer underflow in patch decoding can lead to a denial
     of service issue. (Closes: #1055306)
   * CVE-2024-11403: out-of-bounds write in the JPEG decoder when doing
     recompression. (Closes: #1088818)
   * CVE-2024-11498: stack buffer overflow in modular trees (Closes: #1088818)
Checksums-Sha1:
 aff75d50cd30a430393236a4073506e5b3c3b862 783532 jpeg-xl-doc_0.7.0-10+deb12u1_all.deb
 2fae193efb8f562c6a6b858a5514408c3adaadfb 12812 jpeg-xl_0.7.0-10+deb12u1_all-buildd.buildinfo
Checksums-Sha256:
 04b91c5408a98e75d2966f1ec534e51e8bad2f50156ec410d2b13878571f7197 783532 jpeg-xl-doc_0.7.0-10+deb12u1_all.deb
 334e0e6284858774853399dede45543d6cadf6a2589d119d56ef4600825fe61f 12812 jpeg-xl_0.7.0-10+deb12u1_all-buildd.buildinfo
Files:
 a1c82a2c710b41722fb212a22a56d74d 783532 doc optional jpeg-xl-doc_0.7.0-10+deb12u1_all.deb
 8b38e978efabedc344c150d6969d82a7 12812 graphics optional jpeg-xl_0.7.0-10+deb12u1_all-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEj4Fym5GgeZdPqKhrJm69HxMTN+oFAmhmWMEACgkQJm69HxMT
N+o/zw/+JKvqIhg8Hv0HUEYqVBtaEafTFOdKkV4V5tuS55wBgByuCLTzA8LicxyI
q65x1ABueC2ADtMOv3lkA63Vfc8RWMZgPn+AAAuDD40NVDx+ef3hcrii7AHYmTJa
S82dUlDmz3UafYxAqD6ZkQIK2d4oVEG+jJ8XBpboec+2aHjjIj0St+Alil2hJAHv
eZrHPCm18HkM8DKpefijs8PgWbiyTtURK1vKGPKdOG54Rf5S74MWJT5nhASO9chH
dI1pVvLzoEXzv2a71pYJ9mkES3NogeB0jlo89w4y2sd1OZF2kZQc8i7QHr2lYu8C
0G69D0kDIJMSnD7BNDjd8CbATK3lVTzizXPlq8/7GVFArUYPugaGAFE94HmhtrXa
5Fo9CBQ4t7aPcoeajwGW6Pk8taSzdNbvrI3Ud/prUeVcUd+JEObQLD8kVduO/Pum
5WQZatgTAn7lztkI+Gp8tzpN4iaKG7VPV0Kvb9wUvpDmL6S5+wvH/JbnEY8luRCg
lM2loqvE5lHQ1exlr09zQPMD9TMPj6rCPDfzA43VEDDlXNIMXNOOByhNtkQdxN1/
9P9WCXubtRPkRpp5uowHAp667hi1YTOt+6bKWPI+FMuXZmvyS/gnLOs6IGA9BiLd
/7qjTU5adz/tpUP6FlfSggKvwUIxmaieS57PzAi7qMmLz0rEFpc=
=uQ7Z
-----END PGP SIGNATURE-----