Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 78dc70d1 by Moritz Muehlenhoff at 2020-07-06T19:40:24+02:00 jpeg issue already fixed a few years ago take squid - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -3348,9 +3348,9 @@ CVE-2020-14153 (In IJG JPEG (aka libjpeg) before 9d, jdhuff.c has an out-of-boun NOTE: Not clear what the exact change is between 9c and 9d and whether it applies to -turbo CVE-2020-14152 (In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs. ...) - libjpeg9 1:9d-1 (low) - - libjpeg-turbo <unfixed> (low) + - libjpeg-turbo 1:1.5.2-1 (low) [jessie] - libjpeg-turbo <no-dsa> (Minor issue) - TODO: report to libjpeg-turbo upstream + NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/da2a27ef056a0179cbd80f9146e58b89403d9933 CVE-2020-14151 REJECTED CVE-2020-14150 (GNU Bison before 3.5.4 allows attackers to cause a denial of service ( ...) ===================================== data/dsa-needed.txt ===================================== @@ -39,9 +39,9 @@ ruby2.5/stable -- roundcube -- -squid/stable +squid (jmm) -- -teeworlds/stable (jmm) +teeworlds (jmm) -- xcftools Hugo proposed to work on this update View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78dc70d1107dc4aaf3bd5af22a10c082f9215ccd -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78dc70d1107dc4aaf3bd5af22a10c082f9215ccd You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits