Hi,

On Sat, Jul 19, 2025 at 12:09:37AM +0300, Adrian Bunk wrote:
> Control: reopen -1
> 
> On Fri, Jul 04, 2025 at 08:41:31AM +0200, Salvatore Bonaccorso wrote:
> > close 1052668 3.5.28-2
> >...
> 
> This seems to be incorrect:
> https://sourceforge.net/p/djvu/bugs/345/#47a6
> https://sources.debian.org/src/djvulibre/3.5.28-2.1/debian/patches/0003-djvulibre-fedora-Patch8-djvulibre-3.5.27-check-image.patch/#L15-L18
> 
> While 3.5.27.1-10+deb10u1 in buster contained the CVE-2021-46310 fix for 
> the fix, the patch in >= bullseye contains only the original fix that
> had the (sz == 0) check too late.

I had another look after your reopening of the bug, and correct, the
check is still misplaced in the current versions. Thanks for the
correction.

Fortunately the issue is minor and a fix can be piggy-backed with a
future update.

Regards,
Salvatore
