Your message dated Thu, 19 Nov 2020 20:46:17 +0000
with message-id <[email protected]>
and subject line Bug#902950: fixed in libjpeg-turbo 1:1.5.2-2+deb10u1
has caused the Debian Bug report #902950,
regarding libjpeg-turbo: CVE-2018-1152
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
902950: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902950
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libjpeg-turbo
Version: 1:1.5.1-2
Severity: important
Tags: patch security upstream
Hi,
The following vulnerability was published for libjpeg-turbo.
CVE-2018-1152[0]:
| libjpeg-turbo 1.5.90 is vulnerable to a denial of service
| vulnerability caused by a divide by zero when processing a crafted BMP
| image.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-1152
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1152
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libjpeg-turbo
Source-Version: 1:1.5.2-2+deb10u1
Done: =?utf-8?q?Moritz_M=C3=BChlenhoff?= <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libjpeg-turbo, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Moritz Mühlenhoff <[email protected]> (supplier of updated libjpeg-turbo package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 07 Oct 2020 22:25:43 +0200
Source: libjpeg-turbo
Binary: libjpeg-dev libjpeg-turbo-progs libjpeg-turbo-progs-dbgsym
libjpeg62-turbo libjpeg62-turbo-dbgsym libjpeg62-turbo-dev libturbojpeg0
libturbojpeg0-dbgsym libturbojpeg0-dev
Architecture: source all amd64
Version: 1:1.5.2-2+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Ondřej Surý <[email protected]>
Changed-By: Moritz Mühlenhoff <[email protected]>
Description:
libjpeg-dev - Development files for the JPEG library [dummy package]
libjpeg-turbo-progs - Programs for manipulating JPEG files
libjpeg62-turbo - libjpeg-turbo JPEG runtime library
libjpeg62-turbo-dev - Development files for the libjpeg-turbo JPEG library
libturbojpeg0 - TurboJPEG runtime library - SIMD optimized
libturbojpeg0-dev - Development files for the TurboJPEG library
Closes: 902950 924678 962829
Changes:
libjpeg-turbo (1:1.5.2-2+deb10u1) buster; urgency=medium
.
* CVE-2018-1152 (Closes: #902950)
* CVE-2018-14498 (Closes: #924678)
* CVE-2019-2201
* CVE-2020-13790 (Closes: #962829)
Checksums-Sha1:
15a0c246423966696bcf924e2ee0359b649de68c 2336 libjpeg-turbo_1.5.2-2+deb10u1.dsc
ce95d4943e0c5ad3a235d945695b89e5476f2a02 83360
libjpeg-turbo_1.5.2-2+deb10u1.debian.tar.xz
cb7f5879ac1a956ef1e76fecb31d7bca5a22d1ba 57724
libjpeg-dev_1.5.2-2+deb10u1_all.deb
e12f53f34c815bedceb242829745d63233b1efb9 218580
libjpeg-turbo-progs-dbgsym_1.5.2-2+deb10u1_amd64.deb
3e449fa1accbd0de93b219e6576847249771b58c 115932
libjpeg-turbo-progs_1.5.2-2+deb10u1_amd64.deb
cbaf2e101c057422602db365a87c69f95fec1feb 7962
libjpeg-turbo_1.5.2-2+deb10u1_amd64.buildinfo
08aa3302af59db5df5699c584ddafda3e18f79b1 379284
libjpeg62-turbo-dbgsym_1.5.2-2+deb10u1_amd64.deb
10635ed209801ce603c433c90b5641de350affe4 207836
libjpeg62-turbo-dev_1.5.2-2+deb10u1_amd64.deb
f1f1d5eb5588607f1720b411b42c77f2fcaaac32 133200
libjpeg62-turbo_1.5.2-2+deb10u1_amd64.deb
962612d30ee6f361aadc928aeb554076aff38e55 443020
libturbojpeg0-dbgsym_1.5.2-2+deb10u1_amd64.deb
1706c4f011b3bdb677572ce6888c19089bf9669c 177812
libturbojpeg0-dev_1.5.2-2+deb10u1_amd64.deb
1d8ac04c71137549456af51139c339e36c3a1bda 149804
libturbojpeg0_1.5.2-2+deb10u1_amd64.deb
Checksums-Sha256:
415219eb10407301651363a7e4fafa3a64a102eea4fb32b189f026b528831958 2336
libjpeg-turbo_1.5.2-2+deb10u1.dsc
ce4aa2fbb6ee52f4076d9084377960b79f330792692d57b2a1b57d672213d01b 83360
libjpeg-turbo_1.5.2-2+deb10u1.debian.tar.xz
9d9fdd172f3dde6f9b187e60a8fbf59b82ddaf2bed2db8b4e9d60965aae3510c 57724
libjpeg-dev_1.5.2-2+deb10u1_all.deb
4c6ac31271258b2a51ca1fb4bca5fcb58fca775450f13e07079daf27b88bf0ad 218580
libjpeg-turbo-progs-dbgsym_1.5.2-2+deb10u1_amd64.deb
dfd7862708b675419a21ce0853cedb431f0745349df9489e8a25206e28eea9c1 115932
libjpeg-turbo-progs_1.5.2-2+deb10u1_amd64.deb
4a7d5290474aee30d9a872b0f696e988bb353a2552339715efb014769aac6085 7962
libjpeg-turbo_1.5.2-2+deb10u1_amd64.buildinfo
39c83c8dbce4173ccee0107991a1e2786349b09f141789c698eb42bd1163b1b9 379284
libjpeg62-turbo-dbgsym_1.5.2-2+deb10u1_amd64.deb
e196d53b81b64f665c023608c8a00eb3ee6f18fc8e9dc3ee97f71d251b432711 207836
libjpeg62-turbo-dev_1.5.2-2+deb10u1_amd64.deb
b6cbc7d722cbf697cedbcd9b8b209f8cfa05f147fba4061adf2fcee6cc64c556 133200
libjpeg62-turbo_1.5.2-2+deb10u1_amd64.deb
26b4c10265e1ee6d4204ef287f6c2c49fd5d04a91d62c9ffbef7a3524e070aa6 443020
libturbojpeg0-dbgsym_1.5.2-2+deb10u1_amd64.deb
631160f83ca1215c4cf6bcf3e68ff917922c21e341844b26984a7a828d300fe8 177812
libturbojpeg0-dev_1.5.2-2+deb10u1_amd64.deb
0090d2589db67c083a2f596dbef91836f40d355a2d6e343f3b480e9732b2e4d4 149804
libturbojpeg0_1.5.2-2+deb10u1_amd64.deb
Files:
82483cd01a5b0bfef57d2f2b7b64769b 2336 graphics optional
libjpeg-turbo_1.5.2-2+deb10u1.dsc
8b55e173eb2f4f5dd5d7be4b2ff58745 83360 graphics optional
libjpeg-turbo_1.5.2-2+deb10u1.debian.tar.xz
7decb20ae0a701480c0275806d7a2e67 57724 libdevel optional
libjpeg-dev_1.5.2-2+deb10u1_all.deb
f2a05e984394c65d0db3cbab781bf24c 218580 debug optional
libjpeg-turbo-progs-dbgsym_1.5.2-2+deb10u1_amd64.deb
1dd91c28efa41542de0c577337ee1128 115932 graphics optional
libjpeg-turbo-progs_1.5.2-2+deb10u1_amd64.deb
8eb845c71da0e89bc1aa39d8aaf2e08c 7962 graphics optional
libjpeg-turbo_1.5.2-2+deb10u1_amd64.buildinfo
9d88b0446463420f223add55921c64e0 379284 debug optional
libjpeg62-turbo-dbgsym_1.5.2-2+deb10u1_amd64.deb
b102b50fe1f216aeb5469ce7e6bed206 207836 libdevel optional
libjpeg62-turbo-dev_1.5.2-2+deb10u1_amd64.deb
456c9099a2ea24f2d4e6d60faf6dc8c6 133200 libs optional
libjpeg62-turbo_1.5.2-2+deb10u1_amd64.deb
3fd5c4cd83c9fe1784be835a1d3529b4 443020 debug optional
libturbojpeg0-dbgsym_1.5.2-2+deb10u1_amd64.deb
8a4cf4f0b525fbc99f3d278dae32f5b2 177812 libdevel optional
libturbojpeg0-dev_1.5.2-2+deb10u1_amd64.deb
7ad7ba15b54dfa0c68463ab97badc344 149804 libs optional
libturbojpeg0_1.5.2-2+deb10u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl+ZwQQACgkQEMKTtsN8
TjaYsQ/+K6PRbD5HLhH6yaWDBIGmElneZL6mARsTn6sDY4yrbumb7niLt+aPZdIq
v3B/Do/AkHrJXUhZjtbJnV20xvZUkhmGU8WviFLlYLzNVgERnvwdHvrFqmeRlcsE
jgn1RPiLL5qdZiFSngQOWtjbJzx93zVB/SCBngYsrRY2IzgKrCmSxffJTgBTi8Sp
D51GveFDGIj28Fs6wwWFhJa29ptvQg27xknNV6oADoIEVvoWJHH0nWP8tlw9a1oF
sxh2MKomC+5yrBppPMoerfdB3zzRSmsCCSkxCJV8FU+9j87mSnJO5BZ2q4UgPnbY
tiL4JUmVyaVl2iWBJ//KVR0aHl2Dt7HX8SEDjKkqQSEpkWGQVXYuZcpBYcWd722G
sx5xzdxdLK9I6Q2s3O43T6gsLLyecPfgBTdER3xv7Z9UM0UdMgfPd2XVSFPs92S6
/vhUjyi49VsP7UoFWfw0Y+xQSAADkE8XbuVdDSc6d6ww+CXiL+/DlDcHziWZmc8+
a1Jej16dBKWY1aZvC0XKffZX2Cd3zar8JXR6zFa8pHGdsUjpLph/2wrmFsIe8xin
X7WJcuXEffaPJ9HEbRldT4UDENlynPCUaUMDlWqtlTpJrxF7h0mPYw/j8VywfpaN
FoB60rPtM+ZYVkEqeI4mMS05oj0wP2z3IcV1SRyll7oPrIN/ZT4=
=AtYY
-----END PGP SIGNATURE-----
--- End Message ---
