[Git][security-tracker-team/security-tracker][master] jpeg issue already fixed a few years ago

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
78dc70d1 by Moritz Muehlenhoff at 2020-07-06T19:40:24+02:00
jpeg issue already fixed a few years ago
take squid

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3348,9 +3348,9 @@ CVE-2020-14153 (In IJG JPEG (aka libjpeg) before 9d, jdhuff.c has an out-of-boun
 	NOTE: Not clear what the exact change is between 9c and 9d and whether it applies to -turbo
 CVE-2020-14152 (In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs. ...)
 	- libjpeg9 1:9d-1 (low)
-	- libjpeg-turbo <unfixed> (low)
+	- libjpeg-turbo 1:1.5.2-1 (low)
 	[jessie] - libjpeg-turbo <no-dsa> (Minor issue)
-	TODO: report to libjpeg-turbo upstream
+	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/da2a27ef056a0179cbd80f9146e58b89403d9933
 CVE-2020-14151
 	REJECTED
 CVE-2020-14150 (GNU Bison before 3.5.4 allows attackers to cause a denial of service ( ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -39,9 +39,9 @@ ruby2.5/stable
 --
 roundcube
 --
-squid/stable
+squid (jmm)
 --
-teeworlds/stable (jmm)
+teeworlds (jmm)
 --
 xcftools
   Hugo proposed to work on this update



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78dc70d1107dc4aaf3bd5af22a10c082f9215ccd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78dc70d1107dc4aaf3bd5af22a10c082f9215ccd
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200706/f1b7f309/attachment.html>