Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: 02b03478 by Sylvain Beucler at 2022-05-23T18:32:53+02:00 dla: add libjpeg-turbo - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -143792,7 +143792,7 @@ CVE-2020-13790 (libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer {DLA-2302-1} - libjpeg-turbo 1:2.0.5-1 (bug #962829) [buster] - libjpeg-turbo 1:1.5.2-2+deb10u1 - [jessie] - libjpeg-turbo <ignored> (No package in Debian jessie uses the TurboJPEG API) + [jessie] - libjpeg-turbo <ignored> (No other package in Debian jessie uses the TurboJPEG API or the TurboJPEG CLI tools) NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433 NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/1bfb0b5247f4fc8f6677639781ce468543490216 (1.5.x) NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a (2.0.x) ===================================== data/dla-needed.txt ===================================== @@ -112,9 +112,13 @@ lemonldap-ng NOTE: 20220523: Harmonize with Debian 10.4 (1 CVE) and 10.5 (regression fix) (Beuc/front-desk) -- libdbi-perl - NOTE: 20220523: Harmonize with Debian 10.8 (CVE-2014-10402 is a follow-up to CVE-2014-10401 (Beuc/front-desk) + NOTE: 20220523: Harmonize with Debian 10.8 (CVE-2014-10402 is a follow-up to CVE-2014-10401 NOTE: 20220523: which was fixed before stretch, buster's debian/changelog is incorrect) (Beuc/front-desk) -- +libjpeg-turbo + NOTE: 20220523: Harmonize with Debian 10.7 (only 1 CVE but last + NOTE: 20220523: stretch update back in 2020 and possible RCE) (Beuc/front-desk) +-- liblouis NOTE: 20220320: no patch available yet. Reproducible memory leaks with ASAN NOTE: 20220320: and POC. Consider fixing CVE-2018-17294 too. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02b034786cdc32eaec3a87cd3cb1a155f034da2e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02b034786cdc32eaec3a87cd3cb1a155f034da2e You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits