Debian Bug report logs -
#904719
libjpeg9: CVE-2018-11813
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, Bill Allombert <ballombe@debian.org>
:
Bug#902176
; Package src:libjpeg9
.
(Sat, 23 Jun 2018 07:15:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>
:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Bill Allombert <ballombe@debian.org>
.
(Sat, 23 Jun 2018 07:15:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: libjpeg9
Severity: normal
Tags: security
There have been three reports of minor bugs in libjpeg, which
ended up getting a CVE ID assigned:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11212
They all seem fairly harmless and I'm not sure if they've
been reported upstream.
Cheers,
Moritz
Information forwarded
to debian-bugs-dist@lists.debian.org, Bill Allombert <ballombe@debian.org>
:
Bug#902176
; Package src:libjpeg9
.
(Sat, 23 Jun 2018 08:45:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Mühlenhoff <jmm@inutil.org>
:
Extra info received and forwarded to list. Copy sent to Bill Allombert <ballombe@debian.org>
.
(Sat, 23 Jun 2018 08:45:07 GMT) (full text, mbox, link).
Message #10 received at 902176@bugs.debian.org (full text, mbox, reply):
On Sat, Jun 23, 2018 at 09:11:14AM +0200, Moritz Muehlenhoff wrote:
> Source: libjpeg9
> Severity: normal
> Tags: security
>
> There have been three reports of minor bugs in libjpeg, which
> ended up getting a CVE ID assigned:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11214
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11213
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11212
Also:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11813
Cheers,
Moritz
Changed Bug title to 'CVE-2018-11212 CVE-2018-11213 CVE-2018-11214 CVE-2018-11813' from 'CVE-2018-11212 CVE-2018-11213 CVE-2018-11214'.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Sat, 23 Jun 2018 09:54:12 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org
:
Bug#902176
; Package src:libjpeg9
.
(Thu, 26 Jul 2018 20:51:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Bill Allombert <ballombe@debian.org>
:
Extra info received and forwarded to list.
(Thu, 26 Jul 2018 20:51:06 GMT) (full text, mbox, link).
Message #17 received at 902176@bugs.debian.org (full text, mbox, reply):
On Sat, Jun 23, 2018 at 10:43:30AM +0200, Moritz Mühlenhoff wrote:
> On Sat, Jun 23, 2018 at 09:11:14AM +0200, Moritz Muehlenhoff wrote:
> > Source: libjpeg9
> > Severity: normal
> > Tags: security
> >
> > There have been three reports of minor bugs in libjpeg, which
> > ended up getting a CVE ID assigned:
> >
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11214
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11213
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11212
Hello Moritz,
These bugs are fixed in libjpeg 9c that I will upload soon.
> Also:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11813
Could you report this last one as a separate issue ?
Thanks for your report!
--
Bill. <ballombe@debian.org>
Imagine a large red swirl here.
Information forwarded
to debian-bugs-dist@lists.debian.org, Bill Allombert <ballombe@debian.org>
:
Bug#902176
; Package src:libjpeg9
.
(Fri, 27 Jul 2018 06:21:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Extra info received and forwarded to list. Copy sent to Bill Allombert <ballombe@debian.org>
.
(Fri, 27 Jul 2018 06:21:05 GMT) (full text, mbox, link).
Message #22 received at 902176@bugs.debian.org (full text, mbox, reply):
Control: clone -1 -2
Control: retitle -1 libjpeg9: CVE-2018-11212 CVE-2018-11213 CVE-2018-11214
Control: retitle -2 libjpeg9: CVE-2018-11813
Hi Bill
On Thu, Jul 26, 2018 at 10:49:52PM +0200, Bill Allombert wrote:
> On Sat, Jun 23, 2018 at 10:43:30AM +0200, Moritz Mühlenhoff wrote:
> > On Sat, Jun 23, 2018 at 09:11:14AM +0200, Moritz Muehlenhoff wrote:
> > > Source: libjpeg9
> > > Severity: normal
> > > Tags: security
> > >
> > > There have been three reports of minor bugs in libjpeg, which
> > > ended up getting a CVE ID assigned:
> > >
> > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11214
> > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11213
> > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11212
>
> Hello Moritz,
> These bugs are fixed in libjpeg 9c that I will upload soon.
>
> > Also:
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11813
>
> Could you report this last one as a separate issue ?
Splitting/clone this bug for your request.
Thanks for your work!
Regards,
Salvatore
Bug 902176 cloned as bug 904719
Request was from Salvatore Bonaccorso <carnil@debian.org>
to 902176-submit@bugs.debian.org
.
(Fri, 27 Jul 2018 06:21:05 GMT) (full text, mbox, link).
Changed Bug title to 'libjpeg9: CVE-2018-11813' from 'CVE-2018-11212 CVE-2018-11213 CVE-2018-11214 CVE-2018-11813'.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to 902176-submit@bugs.debian.org
.
(Fri, 27 Jul 2018 06:21:06 GMT) (full text, mbox, link).
Marked as found in versions libjpeg9/1:9b-2.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Fri, 27 Jul 2018 06:33:03 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:48:45 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.