Re: Wheezy update of libjpeg6b and libjpeg8?
On Mon, Oct 16, 2017 at 01:54:34PM +0200, Bill Allombert wrote:
> On Mon, Oct 16, 2017 at 01:44:14PM +0200, Ola Lundqvist wrote:
> > Hi
> > Sorry. Wrong year in the CVE.
> > The correct CVE is CVE-2017-15232.
> Yes, I finally found it. Any evidence it affects libjpeg ? For all I
> see it relies on code added to libjpeg-turbo.
> To start with, djpeg in wheezy lacks the -crop option.
The upstream maintainer of libjpeg confirmed to me that this CVE do not
apply to any IJG libjpeg libraries.
Imagine a large red swirl here.