[Git][security-tracker-team/security-tracker][master] dla: add libjpeg-turbo

Sylvain Beucler (@beuc) beuc at debian.org
Mon May 23 17:33:59 BST 2022



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
02b03478 by Sylvain Beucler at 2022-05-23T18:32:53+02:00
dla: add libjpeg-turbo

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -143792,7 +143792,7 @@ CVE-2020-13790 (libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer
 	{DLA-2302-1}
 	- libjpeg-turbo 1:2.0.5-1 (bug #962829)
 	[buster] - libjpeg-turbo 1:1.5.2-2+deb10u1
-	[jessie] - libjpeg-turbo <ignored> (No package in Debian jessie uses the TurboJPEG API)
+	[jessie] - libjpeg-turbo <ignored> (No other package in Debian jessie uses the TurboJPEG API or the TurboJPEG CLI tools)
 	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433
 	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/1bfb0b5247f4fc8f6677639781ce468543490216 (1.5.x)
 	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a (2.0.x)
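Review bot: The reworded jessie `<ignored>` reason on the `+` line is not covered by the commit subject "dla: add libjpeg-turbo", so this change to the CVE-2020-13790 annotation is hard to find from the log; mention it in the commit message or split it into its own commit. The new wording also rests on a negative claim (no other jessie package uses the TurboJPEG API or the TurboJPEG CLI tools); a NOTE: line recording how the reverse dependencies were checked would let a later reader re-verify the triage decision.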


=====================================
data/dla-needed.txt
=====================================
@@ -112,9 +112,13 @@ lemonldap-ng
   NOTE: 20220523: Harmonize with Debian 10.4 (1 CVE) and 10.5 (regression fix) (Beuc/front-desk)
 --
 libdbi-perl
-  NOTE: 20220523: Harmonize with Debian 10.8 (CVE-2014-10402 is a follow-up to CVE-2014-10401 (Beuc/front-desk)
+  NOTE: 20220523: Harmonize with Debian 10.8 (CVE-2014-10402 is a follow-up to CVE-2014-10401
   NOTE: 20220523: which was fixed before stretch, buster's debian/changelog is incorrect) (Beuc/front-desk)
 --
+libjpeg-turbo
+  NOTE: 20220523: Harmonize with Debian 10.7 (only 1 CVE but last
+  NOTE: 20220523: stretch update back in 2020 and possible RCE) (Beuc/front-desk)
+--
 liblouis
   NOTE: 20220320: no patch available yet. Reproducible memory leaks with ASAN
   NOTE: 20220320: and POC. Consider fixing CVE-2018-17294 too.
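Review bot: The new libjpeg-turbo entry says "only 1 CVE" and "possible RCE" without naming the CVE id, so whoever claims the entry has to reconstruct it from the Debian 10.7 changes; add the id to the NOTE. In the libdbi-perl entry, dropping "(Beuc/front-desk)" from the first NOTE line is consistent, since the parenthesis opened there only closes on the following line, which already carries the attribution.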



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02b034786cdc32eaec3a87cd3cb1a155f034da2e
