Hi Bill
What I did was to check that the vulnerable code was there (patch
looks like it can apply). I did not look into whether the code could
actually be triggered.
Best regards
// Ola
On 16 October 2017 at 13:54, Bill Allombert wrote:
> On Mon, Oct 16, 2017 at
On Mon, Oct 16, 2017 at 01:54:34PM +0200, Bill Allombert wrote:
> On Mon, Oct 16, 2017 at 01:44:14PM +0200, Ola Lundqvist wrote:
> > Hi
> >
> > Sorry. Wrong year in the CVE.
> >
> > The correct CVE is CVE-2017-15232.
>
> Yes, I finally found it. Any evidence it affects libjpeg ? For all I
>
On Mon, Oct 16, 2017 at 01:44:14PM +0200, Ola Lundqvist wrote:
> Hi
>
> Sorry. Wrong year in the CVE.
>
> The correct CVE is CVE-2017-15232.
Yes, I finally found it. Any evidence it affects libjpeg ? For all I
see it relies on code added to libjpeg-turbo.
To start with, djpeg in wheezy lacks
Hi
Sorry. Wrong year in the CVE.
The correct CVE is CVE-2017-15232.
Sorry for the typo.
Best regards
// Ola
On 16 October 2017 at 12:26, Bill Allombert
wrote:
> On Sun, Oct 15, 2017 at 08:08:11PM +0200, Ola Lundqvist wrote:
>> Dear maintainer,
>>
>> The
On Sun, Oct 15, 2017 at 08:08:11PM +0200, Ola Lundqvist wrote:
> Dear maintainer,
>
> The Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of libjpeg6b and libjpeg8:
> https://security-tracker.debian.org/tracker/CVE-2016-15232
Hello Ola,