CVE-2017-15232 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15232): libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.
ping... does 1.5.3 have a fix?
Yes, this was fixed by 5bc43c7821df982f65aa1c738f67fbf7cba8bd69 and made it into 1.5.3
(In reply to tt_1 from comment #2) > Yes, this was fixed by 5bc43c7821df982f65aa1c738f67fbf7cba8bd69 and made it > into 1.5.3 Indeed it did. Thank you!
Repository is clean, all done!