[ubuntu/cosmic-proposed] libjpeg-turbo 1.5.2-0ubuntu6 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu Jul 5 19:21:12 UTC 2018 

libjpeg-turbo (1.5.2-0ubuntu6) cosmic; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference via JPEG image
    - debian/patches/CVE-2017-15232-1.patch: exit gracefully with non-PPM
      formats in djpeg.1, djpeg.c.
    - debian/patches/CVE-2017-15232-2.patch: add further partial image
      decompression fixes in cdjpeg.h, djpeg.1, djpeg.c, jdapistd.c,
      wrbmp.c, wrgif.c, wrppm.c, wrppm.h, wrrle.c, wrtarga.c.
    - CVE-2017-15232
  * SECURITY UPDATE: division by zero via BMP image
    - debian/patches/CVE-2018-1152.patch: add size check in rdbmp.c.
    - CVE-2018-1152

Date: Thu, 05 Jul 2018 14:53:32 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/libjpeg-turbo/1.5.2-0ubuntu6
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 05 Jul 2018 14:53:32 -0400
Source: libjpeg-turbo
Binary: libjpeg-turbo8-dev libjpeg-turbo8 libturbojpeg libturbojpeg0-dev libjpeg-turbo-progs libjpeg-turbo8-dbg libjpeg-turbo-test
Architecture: source
Version: 1.5.2-0ubuntu6
Distribution: cosmic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 libjpeg-turbo-progs - Programs for manipulating JPEG files
 libjpeg-turbo-test - Program for benchmarking and testing libjpeg-turbo
 libjpeg-turbo8 - IJG JPEG compliant runtime library.
 libjpeg-turbo8-dbg - Debugging symbols for the libjpeg-turbo library
 libjpeg-turbo8-dev - Development files for the IJG JPEG library
 libturbojpeg - IJG JPEG compliant runtime library.
 libturbojpeg0-dev - Development files for the TurboJPEG library
Changes:
 libjpeg-turbo (1.5.2-0ubuntu6) cosmic; urgency=medium
 .
   * SECURITY UPDATE: NULL pointer dereference via JPEG image
     - debian/patches/CVE-2017-15232-1.patch: exit gracefully with non-PPM
       formats in djpeg.1, djpeg.c.
     - debian/patches/CVE-2017-15232-2.patch: add further partial image
       decompression fixes in cdjpeg.h, djpeg.1, djpeg.c, jdapistd.c,
       wrbmp.c, wrgif.c, wrppm.c, wrppm.h, wrrle.c, wrtarga.c.
     - CVE-2017-15232
   * SECURITY UPDATE: division by zero via BMP image
     - debian/patches/CVE-2018-1152.patch: add size check in rdbmp.c.
     - CVE-2018-1152
Checksums-Sha1:
 92cfd35b376d059b1bdaeb343db70e1a9569d40a 2359 libjpeg-turbo_1.5.2-0ubuntu6.dsc
 36fd231d37e47256b744d9321f938524f906c7e7 29480 libjpeg-turbo_1.5.2-0ubuntu6.debian.tar.xz
 c6df727b4f9da4a6f13ac8b8f9d67fec11e41171 5736 libjpeg-turbo_1.5.2-0ubuntu6_source.buildinfo
Checksums-Sha256:
 c462e5a7bd6f8b27b8cc5d64a2055e842c1634f945cf9c3e4bc0631be5085178 2359 libjpeg-turbo_1.5.2-0ubuntu6.dsc
 0098a622e16863a74b3ec083aae2e4ebb29284c960d9754442bd5f179da70e86 29480 libjpeg-turbo_1.5.2-0ubuntu6.debian.tar.xz
 a3252ad5dc835fc8a9c6a68b195fe9246161104cf60b608b7dd7d231e5313050 5736 libjpeg-turbo_1.5.2-0ubuntu6_source.buildinfo
Files:
 072074a41ad6ad55cbf0c67fd6526912 2359 graphics optional libjpeg-turbo_1.5.2-0ubuntu6.dsc
 ebb41b0f45b96c63b6c69991e256507c 29480 graphics optional libjpeg-turbo_1.5.2-0ubuntu6.debian.tar.xz
 ad105892e47f9f7a5e9826a100380d70 5736 graphics optional libjpeg-turbo_1.5.2-0ubuntu6_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAls+bwAACgkQZWnYVadE
vpNcUA/7Bc+tXNGrvDnwdIy62yMChBwYL8T1zjyADVgJWdVYq16ATsYnjHMPSICX
K75fQiqTDQpu0k0fgVB/uwsfZ4LYtZWJlUlOQkfOolTiGSxZM7Xq+coWVC5eVELq
RN+vScv8LSfrDycfFgNg3YH5rPG8HK7wvlsxKX8/YFdP9fC95HrGtiYglJMjQw1o
gmgHP29IWi+E1S3acIzC0oWmZ2rpW2Xs6oGxgpoNZorF/03Yl7YIrJ1c/pZTy/nT
8YSXRIQF4Kf3mCFKvV7pjNo6IUg+la3wvXR6q/hmLlbx0jeTY4ekIiSE/6DqsMDG
yPx640Is8dEn7sRbUcYu0wdC77HeET5k1qljfsnGa/2wb0OINTS717L7NGjgl76b
ZQUJvpEgEojnv54mr+C7op9PAHM/PJQRhPzPsPPldyo+Quf2wxH0pk8dyH1ZtnmJ
wJJ4xBnxuq98h6uGejiQz22fpm9Vo+FVa9czxuVJC6MuOPYI2hWtEi2ZBxti//6X
nJ0wuztSERSb0SayVF3Lg9plChbn0iyyoqYuB7d2Y/MOZepJv1xk6Uz8aHnrHNZE
zUEptvSjpPkCffBbC0UUbPOFlG6W3OdhSW0FguFw79FDloGxoLJ+AJDJS0H8tgLb
7RND13tQqijc3xJ4exSqAnFqG+XKH8ZRJc8Kdr1Iv1+eukAy1+g=
=6KY+
-----END PGP SIGNATURE-----

More information about the Cosmic-changes mailing list