| Summary: | libjpeg new security issue CVE-2021-46822 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, herman.viaene, nicolas.salguero, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | libjpeg-2.0.7-1.mga8.src.rpm | CVE: | CVE-2021-46822 |
| Status comment: | |||
Description
David Walser
2022-09-23 18:23:30 CEST
David Walser
2022-09-23 18:23:43 CEST
Status comment: (none) => Patches available from upstream and Ubuntu

Once again assigning this to NicolasS who did the last CVE update on this pkg. No other individual packager 'visible'.

Assignee: bugsquad => nicolas.salguero

(In reply to David Walser from comment #0)
> The fix isn't included in 2.0.8, but we should also update it to that:

In fact, after comparing the patch and the code in version 2.0.8, I can say that the patch is included.

CC: (none) => nicolas.salguero

Suggested advisory:
========================

The updated packages fix a security vulnerability:

The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c. (CVE-2021-46822)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46822
https://ubuntu.com/security/notices/USN-5631-1
https://github.com/libjpeg-turbo/libjpeg-turbo/blob/2.0.8-esr/ChangeLog.md
========================

Updated packages in core/updates_testing:
========================
jpeg-progs-2.0.8-1.mga8
lib(64)jpeg62-2.0.8-1.mga8
lib(64)jpeg8-2.0.8-1.mga8
lib(64)jpeg-devel-2.0.8-1.mga8
lib(64)jpeg-static-devel-2.0.8-1.mga8
lib(64)turbojpeg0-2.0.8-1.mga8

from SRPM:
libjpeg-2.0.8-1.mga8.src.rpm

CVE: (none) => CVE-2021-46822

Are you sure? It wasn't in the list of commits between 2.0.7 and 2.0.8.

I found this commit: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/5b56c7f80817955daa60d8b60644d0a5a0caa90a, which corresponds to https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2 and dates before release of version 2.0.7 so I think not only 2.0.8 is not affected but also version 2.0.7.

MGA8-64 MATE on Acer Aspire 5253
No installation issues.
Tests as in bug 30500 Comment 1.

$ wrjpgcom -comment "Experimental comment for QA" D053.jpg > withcomment.jpg
$ ls -als
total 356
4 drwxr-xr-x 2 tester8 tester8 4096 Sep 26 15:55 ./
4 drwxr-xr-x 4 tester8 tester8 4096 Sep 26 15:53 ../
124 -rw-r--r-- 1 tester8 tester8 125795 Oct 18 2017 D053.jpg
100 -rw-r--r-- 1 tester8 tester8 99741 Oct 18 2017 D078.jpg
124 -rw-r--r-- 1 tester8 tester8 125827 Sep 26 15:55 withcomment.jpg
[tester8@mach7 19761105TrouwLodeNoella]$ rdjpgcom withcomment.jpg
Experimental comment for QA
$ jpegtran -flip horizontal D078.jpg > flipped.jpg
$ ls
D053.jpg D078.jpg flipped.jpg withcomment.jpg

In other folder

$ jpegtran -flip vertical P2061409.JPG > upsidedown.jpg
$ ls
blad.odg P2061410.JPG* P2061412.JPG* P2061414.JPG* P2061416.JPG* P2061418.JPG* upsidedown.jpg
P2061409.JPG* P2061411.JPG* P2061413.JPG* P2061415.JPG* P2061417.JPG* P2061419.JPG*

Switching folders

$ jpegtran -transpose D053.jpg > work1.jpg
$ jpegtran -transverse D053.jpg > work2.jpg
$ jpegtran -grayscale P2061409.JPG > greyscale.jpg
$ jpegtran -perfect -rotate 90 work1.jpg > work3.jpg
jpegtran: transformation is not perfect

The resulting file is not a valid image file

$ jpegtran -rotate 90 work1.jpg > work3.jpg
$ jpegtran -crop 800x640+300+200 D053.jpg > work4.jpg

All resulting files look OK as images.

Whiteboard: (none) => MGA8-64-OK

Validating. Advisory in Comment 3.

Keywords: (none) => validated_update
Dave Hodgins
2022-10-01 17:01:48 CEST
CC: (none) => davidwhodgins

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0353.html

Resolution: (none) => FIXED
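
The advisory above names 16-bit binary PPM and PGM files as the inputs involved in CVE-2021-46822. As an added example (not code from this bug report or from libjpeg-turbo), the header check below flags that input class so a service that passes untrusted images to an unpatched tjLoadImage caller can reject or log them. The names `classify_pnm` and `pnm_kind` are hypothetical, and it assumes the Netpbm rule that a maxval above 255 means two bytes per sample; it identifies the file type only and says nothing about whether a file is malicious.

```c
#include <ctype.h>
#include <stddef.h>

/* Result codes; the names are this example's own, not libjpeg-turbo's. */
enum pnm_kind { PNM_OTHER = 0, PNM_8BIT = 1, PNM_16BIT = 2 };

/* Skip whitespace and '#' comments between header tokens. */
static size_t skip_ws(const unsigned char *b, size_t n, size_t i)
{
    while (i < n && (isspace(b[i]) || b[i] == '#')) {
        if (b[i] == '#')
            while (i < n && b[i] != '\n' && b[i] != '\r') i++;
        else
            i++;
    }
    return i;
}

/* Read one unsigned decimal token; returns 0 if none is present. */
static int read_uint(const unsigned char *b, size_t n, size_t *i,
                     unsigned long *out)
{
    unsigned long v = 0;
    size_t start = *i = skip_ws(b, n, *i);
    while (*i < n && isdigit(b[*i])) {
        if (v > 100000000UL) return 0;      /* absurd value, avoid overflow */
        v = v * 10 + (unsigned long)(b[(*i)++] - '0');
    }
    *out = v;
    return *i > start;
}

/* Classify the first n bytes of a file by its Netpbm header:
 * binary PGM (P5) or PPM (P6) with maxval > 255 is the 16-bit case. */
enum pnm_kind classify_pnm(const unsigned char *b, size_t n)
{
    size_t i = 2;
    unsigned long w, h, maxval;
    if (n < 3 || b[0] != 'P' || (b[1] != '5' && b[1] != '6')) return PNM_OTHER;
    if (!isspace(b[2]) && b[2] != '#') return PNM_OTHER;
    if (!read_uint(b, n, &i, &w) || !read_uint(b, n, &i, &h) ||
        !read_uint(b, n, &i, &maxval)) return PNM_OTHER;
    if (i >= n || !isspace(b[i])) return PNM_OTHER;   /* truncated header */
    if (w == 0 || h == 0 || maxval == 0 || maxval > 65535) return PNM_OTHER;
    return maxval > 255 ? PNM_16BIT : PNM_8BIT;
}
```

Pass it the first few hundred bytes of an upload; a `PNM_16BIT` result is the case to hold back until the fixed 2.0.8-1.mga8 packages listed above are installed.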