[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wheezy update of libjpeg6b and libjpeg8?

Hi Bill

What I did was to check that the vulnerable code was there (patch
looks like it can apply). I did not look into whether the code could
actually be triggered.

Best regards

// Ola

On 16 October 2017 at 13:54, Bill Allombert <ballombe@debian.org> wrote:
> On Mon, Oct 16, 2017 at 01:44:14PM +0200, Ola Lundqvist wrote:
>> Hi
>>
>> Sorry. Wrong year in the CVE.
>>
>> The correct CVE is CVE-2017-15232.
>
> Yes, I finally found it.  Any evidence it affects libjpeg ? For all I
> see it relies on code added to libjpeg-turbo.
> To start with, djpeg in wheezy lacks the -crop option.
>
> Cheers,
> --
> Bill. <ballombe@debian.org>
>
> Imagine a large red swirl here.



-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola@inguza.com                    Folkebogatan 26            \
|  opal@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------
Reply to: