Hi Salvatore,

On Thu, Jul 27, 2017 at 07:03:18PM +0200, Salvatore Bonaccorso wrote:
> Source: libjpeg-turbo
> Version: 1:1.3.1-12
> Severity: important
> Tags: upstream security
>
> Hi,
>
> the following vulnerability was published for libjpeg-turbo.
>
> CVE-2017-9614[0]:
> | The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1
> | allows remote attackers to cause a denial of service (invalid memory
> | access and application crash) or possibly have unspecified other impact
> | via a crafted jpg file.
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2017-9614
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9614
> [1] http://seclists.org/fulldisclosure/2017/Jul/66
>
> Please adjust the affected versions in the BTS as needed.
>
> Could you please as well check this if it's reported upstream?
>
> Regards,
> Salvatore
>

Can we close this bug for libjpeg-turbo? According to the upstream issue [1] this is not caused by libjpeg-turbo.

[1] https://github.com/libjpeg-turbo/libjpeg-turbo/issues/167

Mike
-- 
DAS-NETZWERKTEAM
Mike Gabriel, Herweg 7, 24357 Fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x9AF46B3025771B31
mail: [email protected], http://das-netzwerkteam.de

