[SECURITY] [DLA 1719-1] libjpeg-turbo security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1719-1] libjpeg-turbo security update
From: "Chris Lamb" <lamby@debian.org>
Date: Mon, 18 Mar 2019 15:11:26 -0400
Message-id: <[🔎] 6dd4cfd2-80a9-4f82-97df-efbe171f5755@www.fastmail.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libjpeg-turbo
Version        : 1:1.3.1-12+deb8u2
CVE ID         : CVE-2018-14498
Debian Bug     : #924678

It was discovered that there was a denial of service vulnerability in
the libjpeg-turbo CPU-optimised JPEG image library. A heap-based
buffer over-read could be triggered by a specially-crafted bitmap
(BMP) file.

For Debian 8 "Jessie", this issue has been fixed in libjpeg-turbo
version 1:1.3.1-12+deb8u2.

We recommend that you upgrade your libjpeg-turbo packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlyP7UQACgkQHpU+J9Qx
HljTZhAAuGWwBEfN5h45N6Xe+m9zYUNKy8mC3w47jbJNdhcf9S2rQjdQ4Qw9Fuwc
inff+c9aDpXMUpAn/s/ZQun7RFejuWC1HQJK06EaVbhPUOxB/lb4JdQ7Sd5VvyfU
lDfYd7VIZ+vwK+zqqzyN1v5GzQ6Sj/o34EIkOpYObpC2OavosXMFGKpr7GANBsPC
QeFKAqqMdugCW8e/09BQyBuDfQbEWtqUjrZTqBDgpODJ/2uO04bmunjI/ISWYWSh
Ru2apcRJaN7qIKbNqV2fuwTQvq1HnGtksGXPOPzWopdCPuriLXQmMOVXsSAPZDQ1
odPideJHmOwP8KPf63je3Rauy9ZHjbBeAGsb9e74qbVCx94g7R4Ii6Vci9LscXcG
tMyvNwUX3/iIP9HMsiLPqpCGqDkg5tDucBluiYs+cTL5N6xjFvMr8Qkm6qmCChAs
NAK7Y9QAc36+xH4ydIjlYwxMicBu3qvF6QSzuiZh+H6u1pXFgQPp59O9ASajTUF7
6aRBXzcbOUcJh2nHEmShP+XJpUmPsdehkYYKsnADBPUuUjkl6XqvnObWHVJBNyQq
/FtsxhFVPl/OpGNTuZ0euxr+xBlqrQOSXxiHkXo1yBQ3PP3Bsv2gFkeWi+trL5fB
X9BppMMJ+FrYMT1Omzi+R0Sl3SWU2cOIpnzcIJ6w48KC0+UXNMg=
=2tm6
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1718-1] sqlalchemy security update
Next by Date: [SECURITY] [DLA 1720-1] liblivemedia security update
Previous by thread: [SECURITY] [DLA 1718-1] sqlalchemy security update
Next by thread: [SECURITY] [DLA 1720-1] liblivemedia security update
Index(es):
- Date
- Thread