Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted libjpeg-turbo 1:1.5.1-2+deb9u1 (source) into oldstable
Date: Fri, 31 Jul 2020 17:40:12 +0000
Signed by: Adrian Bunk <bunk@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Jul 2020 08:53:14 +0300
Source: libjpeg-turbo
Binary: libjpeg-dev libjpeg62-turbo-dev libjpeg62-turbo libturbojpeg0 libturbojpeg0-dev libjpeg-turbo-progs
Architecture: source
Version: 1:1.5.1-2+deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Ondřej Surý <ondrej@debian.org>
Changed-By: Adrian Bunk <bunk@debian.org>
Description:
 libjpeg-dev - Development files for the JPEG library [dummy package]
 libjpeg-turbo-progs - Programs for manipulating JPEG files
 libjpeg62-turbo - libjpeg-turbo JPEG runtime library
 libjpeg62-turbo-dev - Development files for the libjpeg-turbo JPEG library
 libturbojpeg0 - TurboJPEG runtime library - SIMD optimized
 libturbojpeg0-dev - Development files for the TurboJPEG library
Changes:
 libjpeg-turbo (1:1.5.1-2+deb9u1) stretch-security; urgency=medium
 .
   * Non-maintainer upload by the LTS team.
   * CVE-2018-1152: Denial of service vulnerability caused by a
     divide by zero when processing a crafted BMP image in TJBench.
   * CVE-2018-14498: Denial of service (heap-based buffer
     over-read and application crash) via a crafted 8-bit BMP
     in which one or more of the color indices is out of range
     for the number of palette entries.
   * CVE-2020-13790: Heap-based buffer over-read via a malformed
     PPM input file.
   * CVE-2020-14152: jpeg_mem_available() does not honor the
     max_memory_to_use setting, possibly causing excessive
     memory consumption.
Checksums-Sha1:
 b0f25b0a6ba73655fb31e573669cb57c4716755e 2332 libjpeg-turbo_1.5.1-2+deb9u1.dsc
 ebb3f9e94044c77831a3e8c809c7ea7506944622 1650647 libjpeg-turbo_1.5.1.orig.tar.gz
 09407e22e297f912949133113c1db4d0bee763d2 85132 libjpeg-turbo_1.5.1-2+deb9u1.debian.tar.xz
Checksums-Sha256:
 c279f540af20efed9482a9e57b3878d4095c2249e7564b1805f24f6190b0fb63 2332 libjpeg-turbo_1.5.1-2+deb9u1.dsc
 41429d3d253017433f66e3d472b8c7d998491d2f41caa7306b8d9a6f2a2c666c 1650647 libjpeg-turbo_1.5.1.orig.tar.gz
 a8655688837fafbdef3922619e5f5a3c73956626ccbcfe89c7821d2b6e682b7c 85132 libjpeg-turbo_1.5.1-2+deb9u1.debian.tar.xz
Files:
 438e941f97dfa551fc772dcbd3ebafce 2332 graphics optional libjpeg-turbo_1.5.1-2+deb9u1.dsc
 55deb139b0cac3c8200b75d485fc13f3 1650647 graphics optional libjpeg-turbo_1.5.1.orig.tar.gz
 5f291aada1790a936902b0cced0162ce 85132 graphics optional libjpeg-turbo_1.5.1-2+deb9u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl8kUusACgkQiNJCh6LY
mLGoxhAAqtkOGMlKMIa8tiCx0OVC3ZffjN48/Z7Ivq5aukREZzth+h7CtZrlnPmV
UDEtYGaWMxbs5jVb+YLzugEYJIy93raoN/tQkxwKE2bkY7g+pZabQ7+HZsQmSpUe
E8bLfCT1xkYTdPUyv6V3waXETRIQSlRmM6surpRLQ9A4Hzc2j7AJORaCNg2KSTiv
VGlFcTZLtVZEoSJ93ZpY2fSxly791j35CQgHNJk0aGSnB5SuGIDZbIg4+89dB+93
GfhUlNgqNXSkTP7MCjys6ynUsQrt7GaximZi+R3giAvKQgtlvNB+WF83Os5IGJMG
aRPO486jc2jk4AWHKsEuZ57fpWIY/m33kwGaGxR2Azb+xCdpFUWigjj0CoEArIvp
lth1VlJskMZRvDH79rhBhwaV0CKRVv+T+sTvGuSK7o2ncJ9XoDtpK6p40qJ+VSy5
xeQJ2C4jN1RwZniHFBATC759N0U56itdKTqj8bWRwrj24RV6k/9yJ+Xg0F5sggeF
LeWovlSVlzanciazAiUn4Aonb4mkrruKfnnNIk0W3DG7nmsMsxxiRECn43Tc/j0s
c6GjFqdKbUvsbtNLdnETYSdy17ukccfe3ZbuO1NAATWoZiW0mde1P73poaW7dKDj
z8VhnDch4Q+zWoFdRUbkOwQe3EEmAeNqlxoYizXzPQAEo5QgdfI=
=k0Yi
-----END PGP SIGNATURE-----
News for package libjpeg-turbo
