Your message dated Tue, 21 Jan 2025 08:40:56 +0000
with message-id <[email protected]>
and subject line Bug#1041103: fixed in libjpeg 0.0~git20241105.c719010-1
has caused the Debian Bug report #1041103,
regarding libjpeg: CVE-2023-37836 CVE-2023-37837
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1041103: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041103
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libjpeg
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for libjpeg.
CVE-2023-37836[0]:
| libjpeg commit db33a6e was discovered to contain a reachable
| assertion via BitMapHook::BitMapHook at bitmaphook.cpp. This
| vulnerability allows attackers to cause a Denial of Service (DoS)
| via a crafted file.
https://github.com/thorfdbg/libjpeg/issues/87#BUG1
Fixed by:
https://github.com/thorfdbg/libjpeg/commit/9e0cea29d7ba7a2c1e763865391bc94b336da25e
CVE-2023-37837[1]:
| libjpeg commit db33a6e was discovered to contain a heap buffer
| overflow via LineBitmapRequester::EncodeRegion at
| linebitmaprequester.cpp. This vulnerability allows attackers to
| cause a Denial of Service (DoS) via a crafted file.
https://github.com/thorfdbg/libjpeg/issues/87#BUG0
Fixed by:
https://github.com/thorfdbg/libjpeg/commit/9e0cea29d7ba7a2c1e763865391bc94b336da25e
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-37836
https://www.cve.org/CVERecord?id=CVE-2023-37836
[1] https://security-tracker.debian.org/tracker/CVE-2023-37837
https://www.cve.org/CVERecord?id=CVE-2023-37837
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: libjpeg
Source-Version: 0.0~git20241105.c719010-1
Done: xiao sheng wen <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libjpeg, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
xiao sheng wen <[email protected]> (supplier of updated libjpeg package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 21 Jan 2025 15:30:53 +0800
Source: libjpeg
Built-For-Profiles: pkg.linux.nokerneldbg pkg.linux.nokerneldbginfo
Architecture: source
Version: 0.0~git20241105.c719010-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PhotoTools Maintainers <[email protected]>
Changed-By: xiao sheng wen <[email protected]>
Closes: 1041103 1091050
Changes:
libjpeg (0.0~git20241105.c719010-1) unstable; urgency=medium
.
* Team upload.
* New upstream version (Closes: #1041103)
- CVE-2023-37836
- CVE-2023-37837
* Standards-Version: 4.7.0
* Reorder sequence of d/control fields by cme (routine-update)
* Drop useless get-orig-source target (routine-update)
* Add salsa-ci file (routine-update)
* Trim trailing whitespace.
* Drop unnecessary dependency on dh-autoreconf.
* d/clean: add clean debian/jpeg.1
* d/rules: add override_dh_auto_clean target (Closes: #1091050)
* d/copyright:
- remove Files-Excluded field, not repackage source
- update-debian-copyright year info to 2025
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---