diff options
author | Sylvain Beucler <beuc@beuc.net> | 2022-05-23 18:32:26 +0200 |
---|---|---|
committer | Sylvain Beucler <beuc@beuc.net> | 2022-05-23 18:32:53 +0200 |
commit | 02b034786cdc32eaec3a87cd3cb1a155f034da2e (patch) | |
tree | f23f9d29114cb6cc28c8d1ae9fb1021574ace532 | |
parent | 6ac6ae1698dee8626addd189792300fb6a53ff65 (diff) |
dla: add libjpeg-turbo
-rw-r--r-- | data/CVE/list | 2 | ||||
-rw-r--r-- | data/dla-needed.txt | 6 |
2 files changed, 6 insertions, 2 deletions
diff --git a/data/CVE/list b/data/CVE/list index 393a0e2a42..ab53e947cd 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -143792,7 +143792,7 @@ CVE-2020-13790 (libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer {DLA-2302-1} - libjpeg-turbo 1:2.0.5-1 (bug #962829) [buster] - libjpeg-turbo 1:1.5.2-2+deb10u1 - [jessie] - libjpeg-turbo <ignored> (No package in Debian jessie uses the TurboJPEG API) + [jessie] - libjpeg-turbo <ignored> (No other package in Debian jessie uses the TurboJPEG API or the TurboJPEG CLI tools) NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433 NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/1bfb0b5247f4fc8f6677639781ce468543490216 (1.5.x) NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a (2.0.x) diff --git a/data/dla-needed.txt b/data/dla-needed.txt index cf76bea365..957fe87c72 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -112,9 +112,13 @@ lemonldap-ng NOTE: 20220523: Harmonize with Debian 10.4 (1 CVE) and 10.5 (regression fix) (Beuc/front-desk) -- libdbi-perl - NOTE: 20220523: Harmonize with Debian 10.8 (CVE-2014-10402 is a follow-up to CVE-2014-10401 (Beuc/front-desk) + NOTE: 20220523: Harmonize with Debian 10.8 (CVE-2014-10402 is a follow-up to CVE-2014-10401 NOTE: 20220523: which was fixed before stretch, buster's debian/changelog is incorrect) (Beuc/front-desk) -- +libjpeg-turbo + NOTE: 20220523: Harmonize with Debian 10.7 (only 1 CVE but last + NOTE: 20220523: stretch update back in 2020 and possible RCE) (Beuc/front-desk) +-- liblouis NOTE: 20220320: no patch available yet. Reproducible memory leaks with ASAN NOTE: 20220320: and POC. Consider fixing CVE-2018-17294 too. |