Bug 23308

Summary: libjpeg new security issues CVE-2016-3616 and CVE-2018-1121[2-4]
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: All Packagers <pkg-bugs>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: marja11
Version: 5   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: libjpeg-1.3.1-4.3.mga5.src.rpm CVE:
Status comment:

Description David Walser 2018-07-16 20:25:00 CEST 
Ubuntu has issued an advisory on July 9:
https://usn.ubuntu.com/3706-1/

The issues were fixed in commits linked from the Ubuntu CVE pages:
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/6709e4a0cfa44d4f54ee8ad05753d4aa9260cb91
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/82923eb93a2eacf4a593e00e3e672bbb86a8a3a0

These sound like relatively unimportant issues.  We probably won't fix them.
Comment 1 Marja Van Waes 2018-07-17 15:26:14 CEST 
Assigning to all packagers collectively, since there is no registered maintainer for this package.

CC: (none) => marja11
Assignee: bugsquad => pkg-bugs

Comment 2 Marja Van Waes 2018-10-02 10:33:57 CEST 
Closing as OLD, since Mga5 is really EOL now.

Resolution: (none) => OLD
Status: NEW => RESOLVED