Control: reopen -1 On Fri, Jul 04, 2025 at 08:41:31AM +0200, Salvatore Bonaccorso wrote: > close 1052668 3.5.28-2 >...
This seems to be incorrect: https://sourceforge.net/p/djvu/bugs/345/#47a6 https://sources.debian.org/src/djvulibre/3.5.28-2.1/debian/patches/0003-djvulibre-fedora-Patch8-djvulibre-3.5.27-check-image.patch/#L15-L18 While 3.5.27.1-10+deb10u1 in buster contained the CVE-2021-46310 fix for the fix, the patch in >= bullseye contains only the original fix that had the (sz == 0) check too late. cu Adrian
