[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wheezy update of libjpeg6b and libjpeg8?

On Mon, Oct 16, 2017 at 01:54:34PM +0200, Bill Allombert wrote:
> On Mon, Oct 16, 2017 at 01:44:14PM +0200, Ola Lundqvist wrote:
> > Hi
> > 
> > Sorry. Wrong year in the CVE.
> > 
> > The correct CVE is CVE-2017-15232.
> Yes, I finally found it.  Any evidence it affects libjpeg ? For all I
> see it relies on code added to libjpeg-turbo.
> To start with, djpeg in wheezy lacks the -crop option.

The upstream maintainer of libjpeg confirmed to me that this CVE do not
apply to any IJG libjpeg libraries.

Bill. <ballombe@debian.org>

Imagine a large red swirl here. 

Reply to: