On Mon, Apr 04, 2016 at 02:35:03PM +0200, Salvatore Bonaccorso wrote: > Source: libjpeg9 > Version: 1:9b-1 > Severity: important > Tags: security upstream > > Hi, > > the following vulnerability was published for libjpeg9. The issue > is in the cjpeg utility. > > CVE-2016-3616[0]: > null pointer dereference in cjpeg > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
Hello Salvatore, Upstream has confirmed that only cjpeg is affected, and so only libjpeg-progs and not the binary package libjpeg9. Thanks for your report! -- Bill. <[email protected]> Imagine a large red swirl here.
