-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 03 Jul 2025 16:06:10 +0800
Source: jpeg-xl
Architecture: source
Version: 0.7.0-10+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>
Changed-By: Aron Xu <aron@debian.org>
Closes: 1034722 1055306 1088818
Changes:
 jpeg-xl (0.7.0-10+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2023-0645: out of bounds read in the exif handler (Closes: #1034722)
   * CVE-2023-35790: integer underflow in patch decoding can lead to a denial
     of service issue. (Closes: #1055306)
   * CVE-2024-11403: out-of-bounds write in the JPEG decoder when doing
     recompression. (Closes: #1088818)
   * CVE-2024-11498: stack buffer overflow in modular trees (Closes: #1088818)
Checksums-Sha1:
 5929ebd7c6d33443f1ae84b1d4d464b34825705a 2762 jpeg-xl_0.7.0-10+deb12u1.dsc
 43f9515e0c50dc1049de7a55fea1df9b033b0069 1505917 jpeg-xl_0.7.0.orig.tar.gz
 3741ff1d8280d5f935caa25d0d66dc2923a59bf8 25008 jpeg-xl_0.7.0-10+deb12u1.debian.tar.xz
 a576d72a9e5ae37b9c90b61e03619512bebeab49 7126 jpeg-xl_0.7.0-10+deb12u1_source.buildinfo
Checksums-Sha256:
 de02b90d57f87ff1dc74af03cf98aeb24b03c9186a84e99cf5e2919e9c9702ce 2762 jpeg-xl_0.7.0-10+deb12u1.dsc
 3114bba1fabb36f6f4adc2632717209aa6f84077bc4e93b420e0d63fa0455c5e 1505917 jpeg-xl_0.7.0.orig.tar.gz
 146c624d9e6909a5d0779427157a4928e727d9aa422811d433c2081699b0cac5 25008 jpeg-xl_0.7.0-10+deb12u1.debian.tar.xz
 ebf5574f54c70747ef36adfca59ec8371d5374c50ff8d1dc1474566df593068c 7126 jpeg-xl_0.7.0-10+deb12u1_source.buildinfo
Files:
 2b6da88834552ac80d28584a9d3cc821 2762 graphics optional jpeg-xl_0.7.0-10+deb12u1.dsc
 fc56e7db98f6182fc0891dce25833e3a 1505917 graphics optional jpeg-xl_0.7.0.orig.tar.gz
 d2e0e607698c2d2e3114b7eaa4b9d373 25008 graphics optional jpeg-xl_0.7.0-10+deb12u1.debian.tar.xz
 42ce005e39b4ae03235bea62b5d9a40d 7126 graphics optional jpeg-xl_0.7.0-10+deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEBLHAyuu1xqoC2aJ5NP8o68vMTMgFAmhmUkoACgkQNP8o68vM
TMhAnQf+ISvEzA7FVrYo3SNKTqRn5QEacbRB09eH6kEu09eT9m5qQdipKCvqJEsB
AlgjSS4+bzHfr5KPsbaA1cJnGLE00s+58o+1iAYoegREDcVQvv8Yg96znfloCKqz
++3kf0U+AqTNRm2niFLcsNa/Yq7G7GG5cskoeFcfYBtXHtfXWbQuh+KFsCwbW8RF
dVOESaZtBedAlwQq+MtPR6h20RBbHvGiv6IBvF4XlwgHfcFXrcfIXqXfJzM37rCT
Cu0o5jd6fiWdRv1DiKSG0UoMit7yDLsEJfCnOwm/k7MFB1F6j8jMCWrWTlzCxJyh
6qKxgYdaW3gOv2XGExhv5+2ejzsSYA==
=zodG
-----END PGP SIGNATURE-----