Problems found with existing digests:
Package fotoxx distfile fotoxx-14.03.1.tar.gz
ac2033f87de2c23941261f7c50160cddf872c110 [recorded]
118e98a8cc0414676b3c4d37b8df407c28a1407c [calculated]
Package ploticus-examples distfile ploticus-2.00/plnode200.tar.gz
34274a03d0c41fae5690633663e3d4114b9d7a6d [recorded]
da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]
Problems found locating distfiles:
Package AfterShotPro: missing distfile AfterShotPro-1.1.0.30/AfterShotPro_i386.deb
Package pgraf: missing distfile pgraf-20010131.tar.gz
Package qvplay: missing distfile qvplay-0.95.tar.gz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
Changes in version 2.1 (2014-04-08)
This is a security-critical bug-fix release that remains API and ABI
backwards compatible to version 2.0. Users who process BIE data from
untrusted sources should upgrade.
- fixed a buffer-overflow vulnerability in the jbig.c decoder,
reported by Florian Weimer (Red Hat): CVE-2013-6369
- fixed ability of corrupted input data to force jbig85.c decoder
into an end-less loop
- fixed a bug in the processing of private deterministic-prediction
tables (DPPRIV=1) in jbig.c decoder
- fixed integer-type mismatches in printf arguments on 64-bit systems
- fuzz-testing script added
JBIG-KIT implements a highly effective data compression algorithm for
bi-level high-resolution images such as fax pages or scanned
documents.
JBIG-KIT provides a portable library of compression and decompression
functions with a documented interface. You can very easily include
into your image or document processing software. In addition, JBIG-KIT
provides ready-to-use compression and decompression programs with a
simple command line interface (similar to the converters found in Jef
Poskanzer's PBM graphics file conversion package).
