Re: Wheezy update of libjpeg6b and libjpeg8?

To: Bill Allombert <ballombe@debian.org>
Cc: Ola Lundqvist <ola@inguza.com>, Debian LTS <debian-lts@lists.debian.org>
Subject: Re: Wheezy update of libjpeg6b and libjpeg8?
From: Bill Allombert <ballombe@debian.org>
Date: Mon, 16 Oct 2017 16:17:22 +0200
Message-id: <[🔎] 20171016141722.GA25637@yellowpig>
In-reply-to: <[🔎] 20171016115434.GA12611@yellowpig>
References: <[🔎] 20171015180811.ui45qwl7pramgwnj@inguza.net> <[🔎] 20171016102634.GA11387@yellowpig> <[🔎] CABY6=0mn8kgHy0apXyiHMYDD7TDyjyPwDK4xpJCmPN2SFQYWYw@mail.gmail.com> <[🔎] 20171016115434.GA12611@yellowpig>

On Mon, Oct 16, 2017 at 01:54:34PM +0200, Bill Allombert wrote:
> On Mon, Oct 16, 2017 at 01:44:14PM +0200, Ola Lundqvist wrote:
> > Hi
> > 
> > Sorry. Wrong year in the CVE.
> > 
> > The correct CVE is CVE-2017-15232.
> 
> Yes, I finally found it.  Any evidence it affects libjpeg ? For all I
> see it relies on code added to libjpeg-turbo.
> To start with, djpeg in wheezy lacks the -crop option.

The upstream maintainer of libjpeg confirmed to me that this CVE do not
apply to any IJG libjpeg libraries.

Cheers,
-- 
Bill. <ballombe@debian.org>

Imagine a large red swirl here.

Reply to:

References:
- Wheezy update of libjpeg6b and libjpeg8?
  - From: Ola Lundqvist <ola@inguza.com>
- Re: Wheezy update of libjpeg6b and libjpeg8?
  - From: Bill Allombert <Bill.Allombert@math.u-bordeaux.fr>
- Re: Wheezy update of libjpeg6b and libjpeg8?
  - From: Ola Lundqvist <ola@inguza.com>
- Re: Wheezy update of libjpeg6b and libjpeg8?
  - From: Bill Allombert <ballombe@debian.org>

Prev by Date: Re: Wheezy update of sdl-image1.2?
Next by Date: Re: Wheezy update of libjpeg6b and libjpeg8?
Previous by thread: Re: Wheezy update of libjpeg6b and libjpeg8?
Next by thread: Re: Wheezy update of libjpeg6b and libjpeg8?
Index(es):
- Date
- Thread