This is an automated email from the ASF dual-hosted git repository.
lausen pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-mxnet.git
The following commit(s) were added to refs/heads/master by this push:
new 04167df staticbuild: Fix potential user-assisted execution of
arbitrary code (#17860)
04167df is described below
commit 04167dfffd006a82630b558682dbb788e8577f66
Author: Leonard Lausen <[email protected]>
AuthorDate: Wed Mar 18 19:38:24 2020 -0700
staticbuild: Fix potential user-assisted execution of arbitrary code
(#17860)
Previous libjpeg-turbo dependency contains a serious bug reference
https://www.openwall.com/lists/oss-security/2019/11/11/1
---
tools/dependencies/libturbojpeg.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/dependencies/libturbojpeg.sh
b/tools/dependencies/libturbojpeg.sh
index 0c9eb97..911827a 100755
--- a/tools/dependencies/libturbojpeg.sh
+++ b/tools/dependencies/libturbojpeg.sh
@@ -20,7 +20,7 @@
# This script builds the static library of libturbojpeg that can be used as
dependency of
# mxnet/opencv.
set -ex
-TURBO_JPEG_VERSION=2.0.2
+TURBO_JPEG_VERSION=2.0.4
if [[ $PLATFORM == 'darwin' ]]; then
JPEG_NASM_OPTION="-D CMAKE_ASM_NASM_COMPILER=/usr/local/bin/nasm"
fi
