FS#38094 - [libjpeg-turbo/lib32-libjpeg-turbo] security patch for CVE-2013-6629 and CVE-2013-6629

Attached to Project: Arch Linux
Opened by RbN (RbN) - Tuesday, 10 December 2013, 18:38 GMT
Last edited by Gaetan Bisson (vesath) - Wednesday, 11 December 2013, 04:57 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Florian Pritz (bluewind)
Gaetan Bisson (vesath)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description (packet storm [0]):
jpeg6b and some of its optimized clones (e.g., libjpeg-turbo) will use uninitialized memory when decoding images with missing SOS data for the luminance component (Y) in presence of valid chroma data (Cr, Cb).

CVE-2013-6629 ticket in RedHat bugzilla [1]
CVE-2013-6630 ticket in RedHat bugzilla [2]


Resolution:
upstream patch [3]


Resources:
[0] http://packetstormsecurity.com/files/123989/IJG-jpeg6b-libjpeg-turbo-Uninitialized-Memory.html
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1031734
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1031749
[3] http://sourceforge.net/p/libjpeg-turbo/code/1090/

Closed by  Gaetan Bisson (vesath)
Wednesday, 11 December 2013, 04:57 GMT
Reason for closing:  Fixed
Additional comments about closing:  libjpeg-turbo-1.3.0-4 in [extra]
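
As an added illustration (not part of this ticket and not the upstream patch), the following Python pre-decode check flags the condition the description names: components declared in the frame header that no SOS segment ever selects. The function names and the constructed marker skeletons, which assume the JFIF convention of component IDs 1, 2, 3 for Y, Cb, Cr, are assumptions of this example.

```python
SOF_MARKERS = {0xC0, 0xC1, 0xC2}        # baseline, extended sequential, progressive
NO_LENGTH = {0x01, *range(0xD0, 0xD8)}  # TEM and RSTn carry no length field

def skip_entropy(data, pos):  # advance past entropy-coded bytes to the next marker
    while pos + 1 < len(data):
        nxt = data[pos + 1]
        if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
            return pos
        pos += 1
    return len(data)

def unscanned_components(data):
    """Return the SOF component IDs that no SOS segment selects."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI")
    declared, scanned, pos = set(), set(), 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF or marker in NO_LENGTH:  # fill byte, or TEM/RSTn
            pos += 1 if marker == 0xFF else 2
            continue
        if marker == 0xD9:                         # EOI
            break
        length = int.from_bytes(data[pos + 2:pos + 4], "big")
        body = data[pos + 4:pos + 2 + length]
        if pos + 4 > len(data) or length < 2 or len(body) != length - 2:
            raise ValueError("truncated segment")
        if marker in SOF_MARKERS:
            # body: precision, height(2), width(2), count, then 3 bytes per component
            if len(body) < 6 or len(body) < 6 + 3 * body[5]:
                raise ValueError("short SOF")
            declared |= {body[6 + 3 * i] for i in range(body[5])}
        elif marker == 0xDA:
            # body: count, then (selector, tables) per component, then 3 bytes
            if len(body) < 1 or len(body) < 1 + 2 * body[0]:
                raise ValueError("short SOS")
            scanned |= {body[1 + 2 * i] for i in range(body[0])}
            pos = skip_entropy(data, pos + 2 + length)
            continue
        pos += 2 + length
    return declared - scanned

def seg(marker, body):  # builds one marker segment for the constructed samples
    return bytes([0xFF, marker]) + (len(body) + 2).to_bytes(2, "big") + body

# Constructed marker skeletons (not decodable images): Y=1, Cb=2, Cr=3.
SOF = seg(0xC0, bytes([8, 0, 8, 0, 8, 3, 1, 0x11, 0, 2, 0x11, 1, 3, 0x11, 1]))
SAMPLE_OK = b"\xff\xd8" + SOF + seg(0xDA, bytes([3, 1, 0, 2, 0x11, 3, 0x11, 0, 63, 0])) + b"\x00\xff\xd9"
SAMPLE_NO_Y = b"\xff\xd8" + SOF + seg(0xDA, bytes([2, 2, 0x11, 3, 0x11, 0, 63, 0])) + b"\x00\xff\xd9"
```

A non-empty result means the file should be rejected or quarantined before it reaches an unpatched decoder; progressive files with several scans pass as long as the union of their scans covers every declared component.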
