[Git][security-tracker-team/security-tracker][master] initial jpeg triage

Moritz Muehlenhoff jmm at debian.org
Mon Jun 22 12:46:22 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2b7e23ac by Moritz Muehlenhoff at 2020-06-22T13:46:01+02:00
initial jpeg triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1984,7 +1984,7 @@ CVE-2020-14153 (In IJG JPEG (aka libjpeg) before 9d, jdhuff.c has an out-of-boun
 CVE-2020-14152 (In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs. ...)
 	TODO: check
 CVE-2020-14151 (In IJG JPEG (aka libjpeg) before 9d, read_*_pixel() in rdtarga.c in cj ...)
-	TODO: check
+	NOTE: Duplicate of CVE-2018-11813, should be rejected
 CVE-2020-14150 (GNU Bison before 3.5.4 allows attackers to cause a denial of service ( ...)
 	- bison 2:3.6.1+dfsg-1
 	NOTE: https://lists.gnu.org/archive/html/info-gnu/2020-04/msg00000.html
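Review bot: The new NOTE under CVE-2020-14151 asserts the duplicate without citing a source and leaves the entry with no package line, so nothing in this entry records which Debian packages are affected while the rejection is pending. Consider adding a reference for the duplicate claim (for example the bug already cited on CVE-2018-11813, bug #904719) and mirroring the package status lines from CVE-2018-11813 until the ID is actually rejected. CVE-2020-14152 directly above still carries "TODO: check", which is fine for an initial pass but worth a follow-up.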
@@ -115596,7 +115596,10 @@ CVE-2018-1000203 (Soar Labs Soar Coin version up to and including git commit 4a2
 CVE-2018-11814
 	RESERVED
 CVE-2018-11813 (libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles ...)
-	- libjpeg9 1:9d-1 (low; bug #904719)
+	- libjpeg9 1:9d-1 (unimportant; bug #904719)
+	- libjpeg-turbo <unfixed> (unimportant)
+	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/909a8cfc7bca9b2e6707425bdb74da997e8fa499
+	NOTE: Infinite loop in CLI tool, no security impact
 CVE-2018-11812
 	RESERVED
 CVE-2018-11811
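Review bot: The added NOTE with the libjpeg-turbo commit URL does not say what that commit is, and it sits next to "- libjpeg-turbo <unfixed> (unimportant)", so a reader cannot tell whether it is the upstream fix waiting to be packaged or only a reference. Label it, for example with a "Fixed by:" prefix if that is what it is, so the <unfixed> marker can be replaced with a version later. The rationale line "Infinite loop in CLI tool, no security impact" would also be easier to audit if it named the tool, and it says "Infinite loop" where the CVE description on the same entry says "large loop"; aligning the wording avoids confusion about why low was downgraded to unimportant.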



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b7e23ac1904a57cef66a3ebd1f09dc198d9235c
