[Git][security-tracker-team/security-tracker][master] Add CVE-2020-13790/libjpeg-turbo

Fri Jun 5 20:02:17 BST 2020


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
878a9ed1 by Salvatore Bonaccorso at 2020-06-05T21:01:12+02:00
Add CVE-2020-13790/libjpeg-turbo

I for now did not add the other libjpeg implenatations as the CVE seem
to be specificically assigned for libjpeg-turbo, but this needs to be
double checked.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -247,7 +247,10 @@ CVE-2020-13791 (hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an o
 	NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00831.html
 CVE-2020-13790 (libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-r ...)
-	TODO: check
+	- libjpeg-turbo <unfixed>
+	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433
+	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/1bfb0b5247f4fc8f6677639781ce468543490216 (1.5.x)
+	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a (2.0.x)
 CVE-2020-13789
 	RESERVED
 CVE-2020-13788



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/878a9ed199e786051aea83a8913f370a170f79e7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/878a9ed199e786051aea83a8913f370a170f79e7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200605/1a2fc1ae/attachment.html>
