Summary: | <media-libs/libjpeg-turbo-1.5.3-r2: multiple vulnerabilities (CVE-2018-{1152,11813}) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Florian Schuhmacher <mynt1aa> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | minor | CC: | anarchy, graphics+disabled |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6 | | |
Whiteboard: | B3 [noglsa] | | |
Package list: | media-libs/libjpeg-turbo-1.5.3-r2 | | |
Runtime testing required: | --- | | |
Description
Florian Schuhmacher
2018-06-21 05:30:02 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a6fd7dd5d9d605685ff7f62bebf6f56fd4dbb8b9

commit a6fd7dd5d9d605685ff7f62bebf6f56fd4dbb8b9
Author: Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2018-06-21 13:40:08 +0000
Commit: Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2018-06-21 13:45:31 +0000

    media-libs/libjpeg-turbo: Revbump to fix division by zero.

    Bug: https://bugs.gentoo.org/658624
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 .../files/libjpeg-turbo-1.5.3-divzero_fix.patch | 18 ++++
 .../files/libjpeg-turbo-1.5.90-divzero_fix.patch | 41 +++++++
 .../libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild | 120 +++++++++++++++++++++
 ....5.90.ebuild => libjpeg-turbo-1.5.90-r1.ebuild} | 8 +-
 4 files changed, 185 insertions(+), 2 deletions(-)

I suggest to stabilize =media-libs/libjpeg-turbo-1.5.3-r1

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ba1f0cf1f00c16bd2efcf96fcba79f17dffc0ee

commit 0ba1f0cf1f00c16bd2efcf96fcba79f17dffc0ee
Author: Jason Zaman <perfinion@gentoo.org>
AuthorDate: 2018-08-16 11:01:30 +0000
Commit: Jason Zaman <perfinion@gentoo.org>
CommitDate: 2018-08-16 11:02:03 +0000

    media-libs/libjpeg-turbo-1.5.3-r2: Fix CVE-2018-11813

    libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF

    https://nvd.nist.gov/vuln/detail/CVE-2018-11813

    Bug: https://bugs.gentoo.org/658624
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 .../files/libjpeg-turbo-1.5.3-cve-2018-11813.patch | 45 ++++++++++++++++++++++
 ...5.3-r1.ebuild => libjpeg-turbo-1.5.3-r2.ebuild} | 1 +
 2 files changed, 46 insertions(+)

I backported another patch and updated to -r2. Can someone check if more things in the bug need updating

amd64 stable

arm64 stable

sparc done.

x86 stable

ia64 stable

ppc stable

ppc64 stable

arm stable

not yet stabilized for arm, sorry for the noise.

arm stable

alpha stable.

all archs stable

hppa stable

Security cleanup:

commit 1ee86697389926cb234fcac5f250cfba1fc289f5
Author: Lars Wendler <polynomial-c@gentoo.org>
Date: Thu Feb 28 11:42:45 2019

    media-libs/libjpeg-turbo: Removed old.

    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

All done, repository is clean.

GLSA Vote: No!