[Secure-testing-commits] r56708 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Oct 14 18:45:13 UTC 2017


Author: carnil
Date: 2017-10-14 18:45:13 +0000 (Sat, 14 Oct 2017)
New Revision: 56708

Modified:
   data/CVE/list
Log:
Add remaining source package names for CVE-2017-15232

All contain the problematic code, and all build jdpostct.c. But I have
not done any further check, but rather only this first check to add the
source package names to the entry.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-14 18:29:30 UTC (rev 56707)
+++ data/CVE/list	2017-10-14 18:45:13 UTC (rev 56708)
@@ -200,9 +200,11 @@
 	RESERVED
 CVE-2017-15232 (libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and ...)
 	- libjpeg-turbo <unfixed> (low; bug #878567)
+	- libjpeg6b <unfixed>
+	- libjpeg8 <removed>
+	- libjpeg9 <unfixed>
 	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/pull/182
 	NOTE: https://github.com/mozilla/mozjpeg/issues/268
-	TODO: check libjpeg6b, libjpeg8 and libjpeg9
 CVE-2017-15231
 	RESERVED
 CVE-2017-15230




More information about the Secure-testing-commits mailing list