Bug#729873: marked as done (libjpeg-turbo: CVE-2013-6629 CVE-2013-6630)

Debian Bug Tracking System Fri, 14 Mar 2014 11:21:47 -0700

Your message dated Fri, 14 Mar 2014 18:18:33 +0000
with message-id <[email protected]>
and subject line Bug#729873: fixed in libjpeg-turbo 1.3.0-3
has caused the Debian Bug report #729873,
regarding libjpeg-turbo: CVE-2013-6629 CVE-2013-6630
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
729873: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729873
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: libjpeg-turbo
Severity: important
Tags: security
Justification: user security hole

Originally announced through Google Chrome:
http://googlechromereleases.blogspot.de/2013/11/stable-channel-update.html

More information in this posting by Michal Zalewski:
http://packetstormsecurity.com/files/123989/IJG-jpeg6b-libjpeg-turbo-Uninitialized-Memory.html

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: libjpeg-turbo
Source-Version: 1.3.0-3

We believe that the bug you reported is fixed in the latest version of
libjpeg-turbo, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Gabriel <[email protected]> (supplier of updated libjpeg-turbo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 14 Mar 2014 18:56:25 +0100
Source: libjpeg-turbo
Binary: libturbojpeg1 libturbojpeg1-dev libjpeg-turbo-test
Architecture: source amd64
Version: 1.3.0-3
Distribution: unstable
Urgency: low
Maintainer: Debian TigerVNC Packaging Team 
<[email protected]>
Changed-By: Mike Gabriel <[email protected]>
Description: 
 libjpeg-turbo-test - Program for testing libjpeg-turbo
 libturbojpeg1 - TurboJPEG runtime library - SIMD optimized
 libturbojpeg1-dev - Development files for the turbo JPEG library
Closes: 729873
Changes: 
 libjpeg-turbo (1.3.0-3) unstable; urgency=low
 .
   * debian/patches: (Closes: #729873)
     + Add patch 004_CVE-2013-6629.patch. Check for duplications in
       jdmarker.c (CVE-2013-6629).
     + Add patch 005_CVE-2013-6630.patch: Properly clear out memory in
       jdmarker.c. (CVE-2013-6630).
Checksums-Sha1: 
 9ce639825915da5a8704b7c46e98d43781a199a1 2220 libjpeg-turbo_1.3.0-3.dsc
 631b6084ccbdcacfeb5a81b12733898408f35f59 9220 
libjpeg-turbo_1.3.0-3.debian.tar.xz
 10c15968bad47c9a3948dadbb416aa765f82e23d 153954 libturbojpeg1_1.3.0-3_amd64.deb
 72147d88cd602873d03f306223d0b1a225b05dd3 143782 
libturbojpeg1-dev_1.3.0-3_amd64.deb
 bba5005475a2ade9d881ab01829fbe0df5e496db 21906 
libjpeg-turbo-test_1.3.0-3_amd64.deb
Checksums-Sha256: 
 2a5e832846494ef0e4c2a0589fe2a70ba8628698005749374fec67d6d7a3d5d8 2220 
libjpeg-turbo_1.3.0-3.dsc
 6908bb7c798c56cd6cc6b727ef492666b6f4765e96f51c05c6b825bd53231c24 9220 
libjpeg-turbo_1.3.0-3.debian.tar.xz
 624c6dca2d048d69ee7f256e3217d76bf485322991550f5238556572ef476bd1 153954 
libturbojpeg1_1.3.0-3_amd64.deb
 a8c56051a8a177672e5bde2415f5c7f72f3510d0dc6449698fe887e4a9a72793 143782 
libturbojpeg1-dev_1.3.0-3_amd64.deb
 3ed7a0e911a07e2dfad277d3167fdb3793908f65beddd1d14df2cb41adfad970 21906 
libjpeg-turbo-test_1.3.0-3_amd64.deb
Files: 
 5b47e80769f033e154b9ae957da73cf0 2220 graphics optional 
libjpeg-turbo_1.3.0-3.dsc
 d5567a6cc53e8651eb43686b0a5e834c 9220 graphics optional 
libjpeg-turbo_1.3.0-3.debian.tar.xz
 1a70d2aa72132a4e1a78863722dc174b 153954 libs optional 
libturbojpeg1_1.3.0-3_amd64.deb
 13d4fbfc42590e129b61452d9a1cf871 143782 libdevel optional 
libturbojpeg1-dev_1.3.0-3_amd64.deb
 c28b64edf5013405a7d54411985661ab 21906 debug extra 
libjpeg-turbo-test_1.3.0-3_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJTI0P8AAoJEJr0azAldxsxfcMP/REuVHjoTn/U0cjdhbVrhM9l
im47n77e+k95c+8dRiOd92RhwG5TOtlD5l7qPcnVtZh5Zww378OXU0nKaFcrMGMN
ZTMu7ol77FqdzqFHba5iyAJxBXnY7VkmsLTu/hRe4d4qmdxJZ7l/r/dXlWoivHFM
1LYA2eCzMCACZoT5tZkr96n5/QPDHZ3qrHWyojXASZvUvq6Ntm96NlDJDbbd43eT
gRgJ2ZLc649u1Vs/7tEJiY8QK53fqQ+XlbgShOJeWjJQY/vyc07+dxmNx1TAkiMy
bEBjx9/DrLbjZX2ljoWOjic5ixoCh9BKa1JlO83Q1GH7ZwKfWmeRNNT4K7CGt8el
k7hn58KA5diiLWKEfzDNVijcYXbiFSG1ULShBbb4EZQSzTdqqwVk1r54kYQ4G2KT
MBlNB5L/VB+pHVxC7AyfkgiGSJVZ1La0/N0W6PpF8SYgp57xxxcG2syv0H5l2pJv
AGl+47w3IsdqsEAwhOc6WaABQ7s9aOqjEQJXhpneiFRNSLCxhjuQs2bP7FXZjWTN
BdjGtr6lWNoHAen+9vrbLw9f6PyqvWMpExZs+gBv3B4P5lDDXW/gfbhghG8KBxAe
SG1mB8Wi23xQQg1PsBErhtez8Uy87Fn4hQCWh3tAp3o1seYUGYwLEhMPkCpVNPmj
kni7mxJydLTUvrrj7Jub
=VjKV
-----END PGP SIGNATURE-----

--- End Message ---

Bug#729873: marked as done (libjpeg-turbo: CVE-2013-6629 CVE-2013-6630)

Reply via email to