[SECURITY] Fedora 20 Update: libjpeg-turbo-1.3.1-3.fc20

updates at fedoraproject.org updates at fedoraproject.org
Fri Mar 6 07:01:05 UTC 2015 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-2580
2015-02-26 02:33:29
--------------------------------------------------------------------------------

Name        : libjpeg-turbo
Product     : Fedora 20
Version     : 1.3.1
Release     : 3.fc20
URL         : http://sourceforge.net/projects/libjpeg-turbo
Summary     : A MMX/SSE2 accelerated library for manipulating JPEG image files
Description :
The libjpeg-turbo package contains a library of functions for manipulating JPEG
images.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2014-9092
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 25 2015 Petr Hracek <phracek at redhat.com> - 1.3.1-3
- CVE-2014-9092 libjpeg-turbo: denial of service via speciallu crafted JPEG file
  (#1169845)
* Thu Apr 17 2014 Simone Caronni <negativo17 at gmail.com> - 1.3.1-2
- Re-add libjpeg-devel requirements for broken packages since Fedora 13.
* Wed Apr 16 2014 Petr Hracek <phracek at redhat.com> - 1.3.1-1
- New upstream version
- Remove upstreamed patches, add missing jpegint.h
- Clean up SPEC file
- Disable --static subpackage
- Remove libjpeg obsolency, removed in Fedora 13
* Thu Dec 19 2013 Petr Hracek <phracek at redhat.com> - 1.3.0-2
- Apply fixes CVE-2013-6629, CVE-2013-6630 (#20131737)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1169845 - CVE-2014-9092 libjpeg-turbo: denial of service via specially-crafted JPEG file
        https://bugzilla.redhat.com/show_bug.cgi?id=1169845
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update libjpeg-turbo' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list