[Git][security-tracker-team/security-tracker][master] dla: add libjpeg-turbo

[Sylvain Beucler (@beuc)]

Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
02b03478 by Sylvain Beucler at 2022-05-23T18:32:53+02:00
dla: add libjpeg-turbo

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -143792,7 +143792,7 @@ CVE-2020-13790 (libjpeg-turbo 2.0.4, and mozjpeg 
4.0.0, has a heap-based buffer
        {DLA-2302-1}
        - libjpeg-turbo 1:2.0.5-1 (bug #962829)
        [buster] - libjpeg-turbo 1:1.5.2-2+deb10u1
-       [jessie] - libjpeg-turbo <ignored> (No package in Debian jessie uses 
the TurboJPEG API)
+       [jessie] - libjpeg-turbo <ignored> (No other package in Debian jessie 
uses the TurboJPEG API or the TurboJPEG CLI tools)
        NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433
        NOTE: 
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/1bfb0b5247f4fc8f6677639781ce468543490216
 (1.5.x)
        NOTE: 
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a
 (2.0.x)


=====================================
data/dla-needed.txt
=====================================
@@ -112,9 +112,13 @@ lemonldap-ng
   NOTE: 20220523: Harmonize with Debian 10.4 (1 CVE) and 10.5 (regression fix) 
(Beuc/front-desk)
 --
 libdbi-perl
-  NOTE: 20220523: Harmonize with Debian 10.8 (CVE-2014-10402 is a follow-up to 
CVE-2014-10401 (Beuc/front-desk)
+  NOTE: 20220523: Harmonize with Debian 10.8 (CVE-2014-10402 is a follow-up to 
CVE-2014-10401
   NOTE: 20220523: which was fixed before stretch, buster's debian/changelog is 
incorrect) (Beuc/front-desk)
 --
+libjpeg-turbo
+  NOTE: 20220523: Harmonize with Debian 10.7 (only 1 CVE but last
+  NOTE: 20220523: stretch update back in 2020 and possible RCE) 
(Beuc/front-desk)
+--
 liblouis
   NOTE: 20220320: no patch available yet. Reproducible memory leaks with ASAN
   NOTE: 20220320: and POC. Consider fixing CVE-2018-17294 too.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02b034786cdc32eaec3a87cd3cb1a155f034da2e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02b034786cdc32eaec3a87cd3cb1a155f034da2e
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits