libjpeg9: CVE-2018-11813

Related Vulnerabilities: CVE-2018-11813, CVE-2018-11212, CVE-2018-11213, CVE-2018-11214

Debian Bug report logs - #904719
libjpeg9: CVE-2018-11813

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Sat, 23 Jun 2018 07:15:02 UTC

Severity: normal

Tags: security

Found in version libjpeg9/1:9b-2


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Bill Allombert <ballombe@debian.org>:
Bug#902176; Package src:libjpeg9. (Sat, 23 Jun 2018 07:15:05 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Bill Allombert <ballombe@debian.org>. (Sat, 23 Jun 2018 07:15:05 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2018-11212 CVE-2018-11213 CVE-2018-11214
Date: Sat, 23 Jun 2018 09:11:14 +0200
Source: libjpeg9
Severity: normal
Tags: security

There have been three reports of minor bugs in libjpeg, which
ended up getting a CVE ID assigned:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11212

They all seem fairly harmless and I'm not sure if they've
been reported upstream.

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Bill Allombert <ballombe@debian.org>:
Bug#902176; Package src:libjpeg9. (Sat, 23 Jun 2018 08:45:07 GMT).


Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Bill Allombert <ballombe@debian.org>. (Sat, 23 Jun 2018 08:45:07 GMT).


Message #10 received at 902176@bugs.debian.org:

From: Moritz Mühlenhoff <jmm@inutil.org>
To: 902176@bugs.debian.org
Subject: Re: CVE-2018-11212 CVE-2018-11213 CVE-2018-11214
Date: Sat, 23 Jun 2018 10:43:30 +0200

On Sat, Jun 23, 2018 at 09:11:14AM +0200, Moritz Muehlenhoff wrote:
> Source: libjpeg9
> Severity: normal
> Tags: security
> 
> There have been three reports of minor bugs in libjpeg, which
> ended up getting a CVE ID assigned:
> 
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11214
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11213
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11212

Also:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11813

Cheers,
        Moritz



Changed Bug title to 'CVE-2018-11212 CVE-2018-11213 CVE-2018-11214 CVE-2018-11813' from 'CVE-2018-11212 CVE-2018-11213 CVE-2018-11214'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 23 Jun 2018 09:54:12 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#902176; Package src:libjpeg9. (Thu, 26 Jul 2018 20:51:06 GMT).


Acknowledgement sent to Bill Allombert <ballombe@debian.org>:
Extra info received and forwarded to list. (Thu, 26 Jul 2018 20:51:06 GMT).


Message #17 received at 902176@bugs.debian.org:

From: Bill Allombert <ballombe@debian.org>
To: Moritz Mühlenhoff <jmm@inutil.org>, 902176@bugs.debian.org
Subject: Re: Bug#902176: CVE-2018-11212 CVE-2018-11213 CVE-2018-11214
Date: Thu, 26 Jul 2018 22:49:52 +0200

On Sat, Jun 23, 2018 at 10:43:30AM +0200, Moritz Mühlenhoff wrote:
> On Sat, Jun 23, 2018 at 09:11:14AM +0200, Moritz Muehlenhoff wrote:
> > Source: libjpeg9
> > Severity: normal
> > Tags: security
> > 
> > There have been three reports of minor bugs in libjpeg, which
> > ended up getting a CVE ID assigned:
> > 
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11214
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11213
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11212

Hello Moritz,
These bugs are fixed in libjpeg 9c that I will upload soon.

> Also:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11813

Could you report this last one as a separate issue?

Thanks for your report!
-- 
Bill. <ballombe@debian.org>

Imagine a large red swirl here. 



Information forwarded to debian-bugs-dist@lists.debian.org, Bill Allombert <ballombe@debian.org>:
Bug#902176; Package src:libjpeg9. (Fri, 27 Jul 2018 06:21:05 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Bill Allombert <ballombe@debian.org>. (Fri, 27 Jul 2018 06:21:05 GMT).


Message #22 received at 902176@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Bill Allombert <ballombe@debian.org>, 902176@bugs.debian.org
Cc: Moritz Mühlenhoff <jmm@inutil.org>
Subject: Re: Bug#902176: CVE-2018-11212 CVE-2018-11213 CVE-2018-11214
Date: Fri, 27 Jul 2018 08:20:20 +0200

Control: clone -1 -2
Control: retitle -1 libjpeg9: CVE-2018-11212 CVE-2018-11213 CVE-2018-11214
Control: retitle -2 libjpeg9: CVE-2018-11813

Hi Bill

On Thu, Jul 26, 2018 at 10:49:52PM +0200, Bill Allombert wrote:
> On Sat, Jun 23, 2018 at 10:43:30AM +0200, Moritz Mühlenhoff wrote:
> > On Sat, Jun 23, 2018 at 09:11:14AM +0200, Moritz Muehlenhoff wrote:
> > > Source: libjpeg9
> > > Severity: normal
> > > Tags: security
> > > 
> > > There have been three reports of minor bugs in libjpeg, which
> > > ended up getting a CVE ID assigned:
> > > 
> > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11214
> > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11213
> > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11212
> 
> Hello Moritz,
> These bugs are fixed in libjpeg 9c that I will upload soon.
> 
> > Also:
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11813
> 
> Could you report this last one as a separate issue?

Splitting/cloning this bug for your request.

Thanks for your work!

Regards,
Salvatore



Bug 902176 cloned as bug 904719. Request was from Salvatore Bonaccorso <carnil@debian.org> to 902176-submit@bugs.debian.org. (Fri, 27 Jul 2018 06:21:05 GMT).


Changed Bug title to 'libjpeg9: CVE-2018-11813' from 'CVE-2018-11212 CVE-2018-11213 CVE-2018-11214 CVE-2018-11813'. Request was from Salvatore Bonaccorso <carnil@debian.org> to 902176-submit@bugs.debian.org. (Fri, 27 Jul 2018 06:21:06 GMT).


Marked as found in versions libjpeg9/1:9b-2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 27 Jul 2018 06:33:03 GMT).


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:48:45 2019; Machine Name: buxtehude
