Version in base suite: 3.5.28-2

Base version: djvulibre_3.5.28-2
Target version: djvulibre_3.5.28-2.1~deb12u1
Base file: /srv/ftp-master.debian.org/ftp/pool/main/d/djvulibre/djvulibre_3.5.28-2.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/d/djvulibre/djvulibre_3.5.28-2.1~deb12u1.dsc

 changelog                                                      |   15 ++++
 patches/0008-Fix-potential-buffer-overflow-in-MMRDecoder.patch |   37 ++++++++++
 patches/series                                                 |    1 
 3 files changed, 53 insertions(+)

diff -Nru djvulibre-3.5.28/debian/changelog djvulibre-3.5.28/debian/changelog
--- djvulibre-3.5.28/debian/changelog	2021-05-10 17:56:59.000000000 +0000
+++ djvulibre-3.5.28/debian/changelog	2025-07-04 19:33:39.000000000 +0000
@@ -1,3 +1,18 @@
+djvulibre (3.5.28-2.1~deb12u1) bookworm-security; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Rebuild for bookworm-security
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Fri, 04 Jul 2025 21:33:39 +0200
+
+djvulibre (3.5.28-2.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Fix potential buffer overflow in MMRDecoder (CVE-2025-53367)
+    (Closes: #1108729)
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Fri, 04 Jul 2025 07:38:58 +0200
+
 djvulibre (3.5.28-2) unstable; urgency=high
 
   * bump policy version
diff -Nru djvulibre-3.5.28/debian/patches/0008-Fix-potential-buffer-overflow-in-MMRDecoder.patch djvulibre-3.5.28/debian/patches/0008-Fix-potential-buffer-overflow-in-MMRDecoder.patch
--- djvulibre-3.5.28/debian/patches/0008-Fix-potential-buffer-overflow-in-MMRDecoder.patch	1970-01-01 00:00:00.000000000 +0000
+++ djvulibre-3.5.28/debian/patches/0008-Fix-potential-buffer-overflow-in-MMRDecoder.patch	2025-07-04 19:33:32.000000000 +0000
@@ -0,0 +1,37 @@
+From: Leon Bottou <leonb@fb.com>
+Date: Wed, 2 Jul 2025 12:49:40 -0400
+Subject: Fix potential buffer overflow in MMRDecoder
+Origin: https://sourceforge.net/p/djvu/djvulibre-git/ci/33f645196593d70bd5e37f55b63886c31c82c3da/
+Bug-Debian: https://bugs.debian.org/1108729
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2025-53367
+
+---
+ libdjvu/MMRDecoder.cpp | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/libdjvu/MMRDecoder.cpp b/libdjvu/MMRDecoder.cpp
+index b56fa336d353..bbbaa0c5e2ef 100644
+--- a/libdjvu/MMRDecoder.cpp
++++ b/libdjvu/MMRDecoder.cpp
+@@ -589,6 +589,9 @@ MMRDecoder::scanruns(const unsigned short **endptr)
+   int a0,rle,b1;
+   for(a0=0,rle=0,b1=*pr++;a0 < width;)
+     {
++      // Check for buffer overflow
++      if (xr > lineruns+width+2 || pr > prevruns+width+2)
++	G_THROW(invalid_mmr_data);
+       // Process MMR codes
+       const int c=mrtable->decode(src);
+       switch ( c )
+@@ -714,7 +717,7 @@ MMRDecoder::scanruns(const unsigned short **endptr)
+                         rle++;
+                         a0++;
+                       }
+-                    if (a0 > width)
++                    if (a0 > width || xr > lineruns+width+2)
+                       G_THROW(invalid_mmr_data);
+                   }
+                 // Analyze uncompressed termination code.
+-- 
+2.50.0
+
diff -Nru djvulibre-3.5.28/debian/patches/series djvulibre-3.5.28/debian/patches/series
--- djvulibre-3.5.28/debian/patches/series	2021-05-10 17:46:09.000000000 +0000
+++ djvulibre-3.5.28/debian/patches/series	2025-07-04 19:33:32.000000000 +0000
@@ -5,3 +5,4 @@
 0005-djvulibre-fedora-Patch10-djvulibre-3.5.27-check-inpu.patch
 0006-djvulibre-fedora-Patch11-djvulibre-3.5.27-djvuport-s.patch
 0007-djvulibre-fedora-Patch12-djvulibre-3.5.27-unsigned-s.patch
+0008-Fix-potential-buffer-overflow-in-MMRDecoder.patch