Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
78dc70d1 by Moritz Muehlenhoff at 2020-07-06T19:40:24+02:00
jpeg issue already fixed a few years ago
take squid
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -3348,9 +3348,9 @@ CVE-2020-14153 (In IJG JPEG (aka libjpeg) before 9d,
jdhuff.c has an out-of-boun
NOTE: Not clear what the exact change is between 9c and 9d and whether
it applies to -turbo
CVE-2020-14152 (In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in
jmemnobs. ...)
- libjpeg9 1:9d-1 (low)
- - libjpeg-turbo <unfixed> (low)
+ - libjpeg-turbo 1:1.5.2-1 (low)
[jessie] - libjpeg-turbo <no-dsa> (Minor issue)
- TODO: report to libjpeg-turbo upstream
+ NOTE:
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/da2a27ef056a0179cbd80f9146e58b89403d9933
CVE-2020-14151
REJECTED
CVE-2020-14150 (GNU Bison before 3.5.4 allows attackers to cause a denial of
service ( ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -39,9 +39,9 @@ ruby2.5/stable
--
roundcube
--
-squid/stable
+squid (jmm)
--
-teeworlds/stable (jmm)
+teeworlds (jmm)
--
xcftools
Hugo proposed to work on this update
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78dc70d1107dc4aaf3bd5af22a10c082f9215ccd
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78dc70d1107dc4aaf3bd5af22a10c082f9215ccd
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
