On Mon, Nov 18, 2013 at 01:37:59PM +0100, Moritz Muehlenhoff wrote:
> Package: libjpeg8
> Severity: important
> Tags: security
>
> Hi Bill.
> I noticed the following in the recent Google Chrome release announcement:
> http://googlechromereleases.blogspot.de/2013/11/stable-channel-update.html
>
> | [258723] Medium CVE-2013-6629: Read of uninitialized memory in libjpeg and
> | libjpeg-turbo. Credit to Michal Zalewski of Google.
>
> The related Google bug is closed, but after some digging I found this
> posting:
> http://packetstormsecurity.com/files/123989/IJG-jpeg6b-libjpeg-turbo-Uninitialized-Memory.html
>
> I don't think this warrants a DSA, but we could still fix this up in a point
> release, let me know if you disagree.

Hello Moritz,

I have uploaded libjpeg8 8d-2 and libjpeg6b 6b1-4 (which are now in
testing) and are identical to the wheezy version except for this change.
So they can just be rebuilt for wheezy and uploaded.

Cheers,
-- 
Bill. <[email protected]>

Imagine a large red swirl here.

