23308 – libjpeg new security issues CVE-2016-3616 and CVE-2018-1121[2-4]

Bug 23308 - libjpeg new security issues CVE-2016-3616 and CVE-2018-1121[2-4]

Summary: libjpeg new security issues CVE-2016-3616 and CVE-2018-1121[2-4]

Status:	RESOLVED OLD

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	5
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	All Packagers
QA Contact:	Sec team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2018-07-16 20:25 CEST by David Walser
Modified:	2018-10-02 10:33 CEST (History)
CC List:	1 user (show)

See Also:
Source RPM:	libjpeg-1.3.1-4.3.mga5.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2018-07-16 20:25:00 CEST

Ubuntu has issued an advisory on July 9:
https://usn.ubuntu.com/3706-1/

The issues were fixed in commits linked from the Ubuntu CVE pages:
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/6709e4a0cfa44d4f54ee8ad05753d4aa9260cb91
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/82923eb93a2eacf4a593e00e3e672bbb86a8a3a0

These sound like relatively unimportant issues.  We probably won't fix them.

Comment 1 Marja Van Waes 2018-07-17 15:26:14 CEST

Assigning to all packagers collectively, since there is no registered maintainer for this package.

CC: (none) => marja11
Assignee: bugsquad => pkg-bugs

Comment 2 Marja Van Waes 2018-10-02 10:33:57 CEST

Closing as OLD, since Mga5 is really EOL now.

Resolution: (none) => OLD
Status: NEW => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.