Source: libjpeg-turbo Version: 1:1.3.1-12 Severity: important Tags: upstream security
Hi, the following vulnerability was published for libjpeg-turbo. CVE-2017-9614[0]: | The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 | allows remote attackers to cause a denial of service (invalid memory | access and application crash) or possibly have unspecified other impact | via a crafted jpg file. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-9614 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9614 [1] http://seclists.org/fulldisclosure/2017/Jul/66 Please adjust the affected versions in the BTS as needed. Could you please as well check this if it's preported upstream? Regards, Salvatore
