[Git][security-tracker-team/security-tracker][master] Reserve DLA-2302-1 for libjpeg-turbo
Adrian Bunk
bunk at debian.org
Fri Jul 31 18:29:34 BST 2020
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits:
564cff24 by Adrian Bunk at 2020-07-31T20:28:09+03:00
Reserve DLA-2302-1 for libjpeg-turbo
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -6051,7 +6051,6 @@ CVE-2020-13791 (hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an o
CVE-2020-13790 (libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-r ...)
- libjpeg-turbo 1:2.0.5-1 (bug #962829)
[buster] - libjpeg-turbo <no-dsa> (Minor issue)
- [stretch] - libjpeg-turbo <no-dsa> (Minor issue)
[jessie] - libjpeg-turbo <ignored> (No package in Debian jessie uses the TurboJPEG API)
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/1bfb0b5247f4fc8f6677639781ce468543490216 (1.5.x)
@@ -112364,7 +112363,6 @@ CVE-2018-14498 (get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJ
{DLA-1719-1}
- libjpeg-turbo 1:2.0.5-1 (low; bug #924678)
[buster] - libjpeg-turbo <no-dsa> (Minor issue)
- [stretch] - libjpeg-turbo <no-dsa> (Minor issue)
- mozjpeg <itp> (bug #741487)
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258
@@ -150090,7 +150088,6 @@ CVE-2018-1152 (libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnera
{DLA-1638-1}
- libjpeg-turbo 1:2.0.5-1 (low; bug #902950)
[buster] - libjpeg-turbo <no-dsa> (Minor issue)
- [stretch] - libjpeg-turbo <no-dsa> (Minor issue)
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6
CVE-2018-1151 (The web server on Western Digital TV Media Player 1.03.07 and TV Live ...)
NOT-FOR-US: web server on Western Digital TV Media Player and TV Live Hub
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[31 Jul 2020] DLA-2302-1 libjpeg-turbo - security update
+ {CVE-2018-1152 CVE-2018-14498 CVE-2020-13790 CVE-2020-14152}
+ [stretch] - libjpeg-turbo 1:1.5.1-2+deb9u1
[30 Jul 2020] DLA-2301-1 json-c - security update
{CVE-2020-12762}
[stretch] - json-c 0.12.1-1.1+deb9u1
=====================================
data/dla-needed.txt
=====================================
@@ -73,9 +73,6 @@ jruby (Adrian Bunk)
jupyter-notebook
NOTE: 20200711: Vulnerable to (at least) CVE-2018-19351. (lamby)
--
-libjpeg-turbo (Adrian Bunk)
- NOTE: 20200727: work is ongoing (bunk)
---
libopenmpt (Utkarsh Gupta)
NOTE: 20200727: WIP. (utkarsh)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/564cff24bb951d740731a44a239d9ac253cec77d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/564cff24bb951d740731a44a239d9ac253cec77d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200731/1fc1d02a/attachment.html>
More information about the debian-security-tracker-commits
mailing list