Package "libturbojpeg"

  libjpeg-turbo (1.4.2-0ubuntu3.4) xenial-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer over-read
    - debian/patches/CVE-2020-13790.patch: fix buf overrun caused
      by bad binary PPM in rdppm.c.
    - CVE-2020-13790

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 04 Jun 2020 13:35:57 -0300

  libjpeg-turbo (1.4.2-0ubuntu3.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-14498.patch: Fix OOB read
      caused by malformed 8-bit BMP in cderror.h, rdbmp.c, rdppm.c.
    - CVE-2018-14498
  * SECURITY UPDATE: Several integer overflow and subsequent
    segfaults
    - debian/patches/CVE-2019-2201.patch: properly handled
      gigapixel images in java/TJBench.java, tjbench.c,
      turbojpeg.c.
    - CVE-2019-2201

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 12 Nov 2019 13:26:57 -0300

  libjpeg-turbo (1.4.2-0ubuntu3.1) xenial-security; urgency=medium

  * SECURITY UPDATE: division by zero via BMP image
    - debian/patches/CVE-2018-1152.patch: add size check in rdbmp.c.
    - CVE-2018-1152

 -- Marc Deslauriers <email address hidden> Thu, 05 Jul 2018 15:30:37 -0400