openjpeg2 (2.3.0-2) unstable; urgency=high . [ Hugo Lefeuvre ] * CVE-2017-17480: stack-based buffer overflow in the pgxtovolume function in jp3d/convert.c (Closes: #884738). * CVE-2018-14423: division-by-zero in pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c (Closes: #904873). * CVE-2018-18088: null pointer dereference in imagetopnm in jp2/convert.c (Closes: #910763). * CVE-2018-5785: integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c) (Closes: #888533). * CVE-2018-6616: excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c (Closes: #889683). . [ Mathieu Malaterre ] * Add Hugo as Uploader owasp-java-html-sanitizer (0.1+r88-2) unstable; urgency=medium . * Team upload. * Remove obsolete DM-uploads-allowed field. * Do not build-depend on libjsr305-java-doc anymore because it is gone. (Closes: #923654)