[Git][security-tracker-team/security-tracker][master] Upstream says CVE-2020-14153 is not in libjpeg-turbo
Adrian Bunk
bunk at debian.org
Mon Jul 27 19:08:12 BST 2020
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits:
aa72fd2e by Adrian Bunk at 2020-07-27T21:07:27+03:00
Upstream says CVE-2020-14153 is not in libjpeg-turbo
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4407,8 +4407,8 @@ CVE-2020-14154 (Mutt before 1.14.3 proceeds with a connection even if, in respon
NOTE: Negligible security impact
CVE-2020-14153 (In IJG JPEG (aka libjpeg) before 9d, jdhuff.c has an out-of-bounds arr ...)
- libjpeg9 1:9d-1
- - libjpeg-turbo <undetermined>
- NOTE: Not clear what the exact change is between 9c and 9d and whether it applies to -turbo
+ - libjpeg-turbo <not-affected>
+ NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/445
CVE-2020-14152 (In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs. ...)
- libjpeg9 1:9d-1 (low)
- libjpeg-turbo 1:1.5.2-1 (low)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa72fd2e77f771bc3543923dad01f3f306456470
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa72fd2e77f771bc3543923dad01f3f306456470
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200727/2f7877b8/attachment.html>
More information about the debian-security-tracker-commits
mailing list