Thanks for the report. I'm marking this one "invalid" because libjpeg8 appears to exist only to suggest using libjpeg-turbo:
$ umt search libjpeg8 Running search command. Ubuntu packages: Other packages: squeeze: 8b-1, Pocket: release, Component: main unstable: 8d-1, Pocket: release, Component: main wheezy: 8d-1, Pocket: release, Component: main $ apt-cache show libjpeg8 Package: libjpeg8 Priority: optional Section: libs Installed-Size: 26 Maintainer: Ubuntu Developers <[email protected]> Architecture: amd64 Source: libjpeg8-empty Version: 8c-2ubuntu8 Depends: libjpeg-turbo8 (>= 1.1.90+svn722-1ubuntu6) ... $ apt-cache show libjpeg-turbo8 Package: libjpeg-turbo8 Priority: optional Section: libs Installed-Size: 330 Maintainer: Ubuntu Developers <[email protected]> Architecture: amd64 Source: libjpeg-turbo Version: 1.3.0-0ubuntu1 Replaces: libjpeg8 (<< 8c-2ubuntu5) ... If I've missed something, please let me know, but I think libjpeg6b and libjpeg-turbo are the only source packages we need to worry about. Thanks ** Changed in: libjpeg8 (Ubuntu) Status: New => Invalid ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libjpeg8 in Ubuntu. https://bugs.launchpad.net/bugs/1252913 Title: CVE-2013-6629 Status in “libjpeg8” package in Ubuntu: Invalid Bug description: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6629 http://seclists.org/fulldisclosure/2013/Nov/83 May or may not affect libjpeg8; unclear. See also https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6630 for reference. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libjpeg8/+bug/1252913/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
