Adrian Bunk pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
aa72fd2e by Adrian Bunk at 2020-07-27T21:07:27+03:00
Upstream says CVE-2020-14153 is not in libjpeg-turbo
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4407,8 +4407,8 @@ CVE-2020-14154 (Mutt before 1.14.3 proceeds with a
connection even if, in respon
NOTE: Negligible security impact
CVE-2020-14153 (In IJG JPEG (aka libjpeg) before 9d, jdhuff.c has an
out-of-bounds arr ...)
- libjpeg9 1:9d-1
- - libjpeg-turbo <undetermined>
- NOTE: Not clear what the exact change is between 9c and 9d and whether
it applies to -turbo
+ - libjpeg-turbo <not-affected>
+ NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/445
CVE-2020-14152 (In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in
jmemnobs. ...)
- libjpeg9 1:9d-1 (low)
- libjpeg-turbo 1:1.5.2-1 (low)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa72fd2e77f771bc3543923dad01f3f306456470
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa72fd2e77f771bc3543923dad01f3f306456470
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
