-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : libjpeg-turbo Version : 1:1.3.1-12+deb8u2 CVE ID : CVE-2018-14498 Debian Bug : #924678
It was discovered that there was a denial of service vulnerability in the libjpeg-turbo CPU-optimised JPEG image library. A heap-based buffer over-read could be triggered by a specially-crafted bitmap (BMP) file. For Debian 8 "Jessie", this issue has been fixed in libjpeg-turbo version 1:1.3.1-12+deb8u2. We recommend that you upgrade your libjpeg-turbo packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlyP7UQACgkQHpU+J9Qx HljTZhAAuGWwBEfN5h45N6Xe+m9zYUNKy8mC3w47jbJNdhcf9S2rQjdQ4Qw9Fuwc inff+c9aDpXMUpAn/s/ZQun7RFejuWC1HQJK06EaVbhPUOxB/lb4JdQ7Sd5VvyfU lDfYd7VIZ+vwK+zqqzyN1v5GzQ6Sj/o34EIkOpYObpC2OavosXMFGKpr7GANBsPC QeFKAqqMdugCW8e/09BQyBuDfQbEWtqUjrZTqBDgpODJ/2uO04bmunjI/ISWYWSh Ru2apcRJaN7qIKbNqV2fuwTQvq1HnGtksGXPOPzWopdCPuriLXQmMOVXsSAPZDQ1 odPideJHmOwP8KPf63je3Rauy9ZHjbBeAGsb9e74qbVCx94g7R4Ii6Vci9LscXcG tMyvNwUX3/iIP9HMsiLPqpCGqDkg5tDucBluiYs+cTL5N6xjFvMr8Qkm6qmCChAs NAK7Y9QAc36+xH4ydIjlYwxMicBu3qvF6QSzuiZh+H6u1pXFgQPp59O9ASajTUF7 6aRBXzcbOUcJh2nHEmShP+XJpUmPsdehkYYKsnADBPUuUjkl6XqvnObWHVJBNyQq /FtsxhFVPl/OpGNTuZ0euxr+xBlqrQOSXxiHkXo1yBQ3PP3Bsv2gFkeWi+trL5fB X9BppMMJ+FrYMT1Omzi+R0Sl3SWU2cOIpnzcIJ6w48KC0+UXNMg= =2tm6 -----END PGP SIGNATURE-----