Re: Wheezy update of libjpeg6b and libjpeg8?

2017-10-16 Thread Ola Lundqvist
Hi Bill
What I did was to check that the vulnerable code was there (patch looks like it can apply). I did not look into whether the code could actually be triggered.
Best regards
// Ola
On 16 October 2017 at 13:54, Bill Allombert wrote:
> On Mon, Oct 16, 2017 at

Re: Wheezy update of libjpeg6b and libjpeg8?

2017-10-16 Thread Bill Allombert
On Mon, Oct 16, 2017 at 01:54:34PM +0200, Bill Allombert wrote:
> On Mon, Oct 16, 2017 at 01:44:14PM +0200, Ola Lundqvist wrote:
> > Hi
> >
> > Sorry. Wrong year in the CVE.
> >
> > The correct CVE is CVE-2017-15232.
>
> Yes, I finally found it. Any evidence it affects libjpeg? For all I
>

Re: Wheezy update of libjpeg6b and libjpeg8?

2017-10-16 Thread Bill Allombert
On Mon, Oct 16, 2017 at 01:44:14PM +0200, Ola Lundqvist wrote:
> Hi
>
> Sorry. Wrong year in the CVE.
>
> The correct CVE is CVE-2017-15232.
Yes, I finally found it. Any evidence it affects libjpeg? For all I see it relies on code added to libjpeg-turbo. To start with, djpeg in wheezy lacks

Re: Wheezy update of libjpeg6b and libjpeg8?

2017-10-16 Thread Ola Lundqvist
Hi
Sorry. Wrong year in the CVE.
The correct CVE is CVE-2017-15232.
Sorry for the typo.
Best regards
// Ola
On 16 October 2017 at 12:26, Bill Allombert wrote:
> On Sun, Oct 15, 2017 at 08:08:11PM +0200, Ola Lundqvist wrote:
>> Dear maintainer,
>>
>> The

Re: Wheezy update of libjpeg6b and libjpeg8?

2017-10-16 Thread Bill Allombert
On Sun, Oct 15, 2017 at 08:08:11PM +0200, Ola Lundqvist wrote:
> Dear maintainer,
>
> The Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of libjpeg6b and libjpeg8:
> https://security-tracker.debian.org/tracker/CVE-2016-15232
Hello Ola,