FS#38094 - [libjpeg-turbo/lib32-libjpeg-turbo] security patch for CVE-2013-6629 and CVE-2013-6629
Attached to Project:
Arch Linux
Opened by RbN (RbN) - Tuesday, 10 December 2013, 18:38 GMT
Last edited by Gaetan Bisson (vesath) - Wednesday, 11 December 2013, 04:57 GMT
Opened by RbN (RbN) - Tuesday, 10 December 2013, 18:38 GMT
Last edited by Gaetan Bisson (vesath) - Wednesday, 11 December 2013, 04:57 GMT
|
Details
Description (packet storm [0]):
jpeg6b and some of its optimized clones (e.g., libjpeg-turbo) will use uninitialized memory when decoding images with missing SOS data for the luminance component (Y) in presence of valid chroma data (Cr, Cb). CVE-2013-6629 ticket in RedHat bugzilla [1] CVE-2013-6630 ticket in RedHat bugzilla [2] Resolution: upstream patch [3] Ressources: [0] http://packetstormsecurity.com/files/123989/IJG-jpeg6b-libjpeg-turbo-Uninitialized-Memory.html [1] https://bugzilla.redhat.com/show_bug.cgi?id=1031734 [2] https://bugzilla.redhat.com/show_bug.cgi?id=1031749 [3] http://sourceforge.net/p/libjpeg-turbo/code/1090/ |
This task depends upon
Closed by Gaetan Bisson (vesath)
Wednesday, 11 December 2013, 04:57 GMT
Reason for closing: Fixed
Additional comments about closing: libjpeg-turbo-1.3.0-4 in [extra]
Wednesday, 11 December 2013, 04:57 GMT
Reason for closing: Fixed
Additional comments about closing: libjpeg-turbo-1.3.0-4 in [extra]