On Thu, Aug 18, 2022 at 11:29:44AM +0100, Neil Williams wrote:
> Source: jpegqs
> Severity: important
> Tags: security upstream
>
> The following vulnerability was published for jpegqs.
>
> CVE-2022-35434[0]:
> | jpeg-quantsmooth before commit 8879454 contained a floating point
> | exception (FPE) via /jpeg-quantsmooth/jpegqs+0x4f5d6c.

Hi,
I don't quite see why that would be a security issue. Crashing on a corrupted image is not nice, but the result is hardly different from failing with a proper error message. The division by zero is not something that can be exploited further.

The package hasn't yet been a part of a stable release, though, thus either way a regular upload to unstable should be enough. If there's anything else I need to do, please shout.

> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2022-35434
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35434

Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁
⢿⡄⠘⠷⠚⠋⠀ You're alive. But that's just a phase.
⠈⠳⣄⠀⠀⠀⠀