Hi,
Thanks for preparing the debiff. However, this issue was addressed in
the interim in USN 3706-1 http://www.ubuntu.com/usn/usn-3706-1 (libjpeg-
turbo 1.3.0-0ubuntu2.1) for trusty.
Thanks again.
** Changed in: libjpeg-turbo (Ubuntu Trusty)
Status: Confirmed => Fix Released
** Changed
Security sponsors should be subscribed, not just sponsors.
It should get attention soon.
Thanks.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libjpeg-turbo in Ubuntu.
https://bugs.launchpad.net/bugs/1385903
Title:
** Information type changed from Public to Public Security
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libjpeg-turbo in Ubuntu.
https://bugs.launchpad.net/bugs/1385903
Title:
imagemagick crashes with "stack smashing
Vivid EOL as per:
https://wiki.ubuntu.com/Releases
** Changed in: libjpeg-turbo (Ubuntu Vivid)
Status: Confirmed => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libjpeg-turbo in Ubuntu.
Precise EOL as per:
https://wiki.ubuntu.com/Releases
** Changed in: libjpeg-turbo (Ubuntu Precise)
Status: Confirmed => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libjpeg-turbo in Ubuntu.
The attachment "Debdiff, adapted from Debian 1:1.3.1-11" seems to be a
debdiff. The ubuntu-sponsors team has been subscribed to the bug report
so that they can review and hopefully sponsor the debdiff. If the
attachment isn't a patch, please remove the "patch" flag from the
attachment, remove
Suggest increasing the importance of this bug, considering it has a CVE
assignment? I realize that it's a DoS, which is low on the
"vulnerability" totem pole; but especially with buffer overruns I tend
to suspect that "DoS" is code for "might allow code execution but no
one's bothered to prove
I've supplied a debdiff to address the fix for this CVE, based on
upstream Debian's fix.
** Patch added: "Debdiff, adapted from Debian 1:1.3.1-11"
https://bugs.launchpad.net/ubuntu/+source/libjpeg-turbo/+bug/1385903/+attachment/5009069/+files/libjpeg-turbo.diff
--
You received this bug
utopic has seen the end of its life and is no longer receiving any
updates. Marking the utopic task for this ticket as "Won't Fix".
** Changed in: libjpeg-turbo (Ubuntu Utopic)
Status: Confirmed => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Touch
This is CVE-2014-9092
** Package changed: imagemagick (Ubuntu) = libjpeg-turbo (Ubuntu)
** Changed in: libjpeg-turbo (Ubuntu)
Importance: Undecided = Low
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9092
** Also affects: libjpeg-turbo (Ubuntu Vivid)
Importance:
10 matches
Mail list logo