[ubuntu/groovy-proposed] libjpeg-turbo 2.0.3-0ubuntu2 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Wed Jun 10 14:54:13 UTC 2020
libjpeg-turbo (2.0.3-0ubuntu2) groovy; urgency=medium
* SECURITY UPDATE: Heap-based buffer over-read
- debian/patches/CVE-2020-13790.patch: fix buf overrun caused
by bad binary PPM in rdppm.c.
- CVE-2020-13790
Date: Thu, 04 Jun 2020 13:06:27 -0300
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/libjpeg-turbo/2.0.3-0ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 04 Jun 2020 13:06:27 -0300
Source: libjpeg-turbo
Architecture: source
Version: 2.0.3-0ubuntu2
Distribution: groovy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Leonidas S. Barbosa <leo.barbosa at canonical.com>
Changes:
libjpeg-turbo (2.0.3-0ubuntu2) groovy; urgency=medium
.
* SECURITY UPDATE: Heap-based buffer over-read
- debian/patches/CVE-2020-13790.patch: fix buf overrun caused
by bad binary PPM in rdppm.c.
- CVE-2020-13790
Checksums-Sha1:
ef8b086a4cf5ddfc6c9f7b6777d38184bae68269 2305 libjpeg-turbo_2.0.3-0ubuntu2.dsc
1347c0bbbce9df718edcbfb003eeee5409cdc2e5 18208 libjpeg-turbo_2.0.3-0ubuntu2.debian.tar.xz
29f518edeaeae1bf9bc719b169fc8f1838b52d90 9454 libjpeg-turbo_2.0.3-0ubuntu2_source.buildinfo
Checksums-Sha256:
f18be4c82879a4ce202626fafff5dc523ccfd5f504b16e41493b60c33964fa07 2305 libjpeg-turbo_2.0.3-0ubuntu2.dsc
4d49d9411736b319d1fc21c8d23740bd5a30f7ffbe9aff2470d52ce8ba022190 18208 libjpeg-turbo_2.0.3-0ubuntu2.debian.tar.xz
13b31849c72f4925b3c124d5f601296499b400ce503f81d7b6da36db48407451 9454 libjpeg-turbo_2.0.3-0ubuntu2_source.buildinfo
Files:
7ff0df69ad2d4c2f23a1aa0cb5fc819c 2305 graphics optional libjpeg-turbo_2.0.3-0ubuntu2.dsc
f2e247d4cfbb42e29b4b65ef7cfeb81d 18208 graphics optional libjpeg-turbo_2.0.3-0ubuntu2.debian.tar.xz
01c298f876c05116b09e449af401d0ad 9454 graphics optional libjpeg-turbo_2.0.3-0ubuntu2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl7g8xoACgkQZWnYVadE
vpNPZQ//fYZo8Z3aw3R8zKkp/RQG+Mgo/DaYNog4fNJ6EviZVDSB0GpiQuxCxAbf
kb4PLeVupCN/CSjvoau1RcLV87nJwUsUHiVuojU1jsTPLqP3E9kGcN2lTfFWkogI
yQe6S6PtyhI85yYYc4zi3k9Fr7k8CXRSiu9w82eQ9eaR92tf5XYSmf1B/K7S8O03
H/daO1y2FHAF78IGjGPz4uZGDDp/a3w21+6mP7i9ZJ2GPkaLRxDPSvfz9je5rMZN
97vIJHjogx/QnkEO+N0/BPIUyYPyT8i/VAyVH1n/Bc5wPwrM1d235rUGe+4bNOmz
KE+8o9A9v2PwcEakzE3x1TKiz5Qn23TgvKwX23vmlCBWyMWD124MlNeca65SFxKZ
NIxZ+tXd0Zwkp72Gd+FgpmIiOi++T/hzxREWeHnGw7NrcywqaxtZbcho2SCVODIS
SlQ+vHEuh0/foD3kIAVvlCJOB07Uob0og5xE9XksyICBoq3lSIrbG1r+ST8YzxeC
gc+aAKzY5I5Oz45cKZuHBJnmwns89iqi3WD3adJv8fT0L/SOzkF9aDtQKiQjjk4t
2HAtkOFctrVUVGtp+Y3NhLruntoanAFar7X5eMVD5uRsNnfGV9ax6R0GPIQhyIDo
5zHRSpA+oGHK1DyRocHiN4fQEnl2tPtgEz7XkGdgIirMElj9Q1E=
=fZA7
-----END PGP SIGNATURE-----
More information about the Groovy-changes
mailing list