libjpeg-turbo (1.4.2-0ubuntu3.1) xenial-security; urgency=medium * SECURITY UPDATE: division by zero via BMP image - debian/patches/CVE-2018-1152.patch: add size check in rdbmp.c. - CVE-2018-1152 -- Marc Deslauriers Thu, 05 Jul 2018 15:30:37 -0400 libjpeg-turbo (1.4.2-0ubuntu3) xenial; urgency=medium * libjpeg8-turbo-dev: Install an libjpeg pkgconfig file. -- Matthias Klose Mon, 22 Feb 2016 15:52:51 +0100 libjpeg-turbo (1.4.2-0ubuntu2) xenial; urgency=medium * libjpeg-turbo-progs: Conflict with libjpeg-progs. LP: #1518035, #1532581. -- Matthias Klose Tue, 12 Jan 2016 13:10:10 +0100 libjpeg-turbo (1.4.2-0ubuntu1) xenial; urgency=medium * New upstream version. * Keep the Ubuntu packaging. -- Matthias Klose Thu, 07 Jan 2016 17:40:46 +0100 libjpeg-turbo (1.3.0-0ubuntu2) trusty; urgency=low * SECURITY UPDATE: information disclosure via uninitialized memory in the get_sos function (LP: #1252912) - debian/patches/CVE-2013-6629.patch: check for duplications in jdmarker.c. - CVE-2013-6629 * SECURITY UPDATE: information disclosure via uninitialized memory in the get_dht function (LP: #1252912) - debian/patches/CVE-2013-6630.patch: properly clear out memory in jdmarker.c. - CVE-2013-6630 -- Marc Deslauriers Thu, 19 Dec 2013 15:07:26 -0500 libjpeg-turbo (1.3.0-0ubuntu1) saucy; urgency=low * New upstream release. - drop debian/patches/branch-updates.diff - refresh tjunittest.patch (now renamed to install-tjunittest.patch) * Update debian/control: - add myself to Uploaders. * Update debian/copyright: - add RSA Data Security copyright (md5). * Update debian/libturbojpeg.install: - install libturbojpeg.so.0* (needed by tjunittest and tjbench). -- Fathi Boudra Sun, 28 Jul 2013 16:52:51 +0300 libjpeg-turbo (1.2.1-0ubuntu2) quantal; urgency=low * libjpeg-turbo-test: Depend on libjpegturbo. LP: #1053273. -- Matthias Klose Thu, 20 Sep 2012 14:53:18 +0200 libjpeg-turbo (1.2.1-0ubuntu1) quantal; urgency=low [ Tom Gall ] * Update to stable 1.2.1. LP: #1012861. * Addresses CVE-2012-2806. LP: #1025537. A Heap-based buffer overflow was found in the way libjpeg-turbo decompressed certain corrupt JPEG images in which the component count was erroneously set to a large value. An attacker could create a specially-crafted JPEG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. * Cosmetic fixes to argument lists * Added flags to the TurboJPEG API that allow the caller to force the use of either the fast or the accurate DCT/IDCT algorithms in the underlying codec. * More recent versions of autoconf add -traditional-cpp to the CPP flags, which causes jsimdcfg.inc.h to not preprocess correctly unless we expand all of the instances of the #definev macro. * Fixed regression caused by a bug in the 32-bit strict memory access code in jdmrgss2.asm (contributed by Chromium to stop valgrind from whining whenever the output buffer size was not evenly divisible by 16 bytes.) On Linux/x86, this regression generated incorrect pixels on the right-hand side of images whose rows were not 16-byte aligned, whenever fancy upsampling was used. This patch also enables the strict memory access code on all platforms, not just Linux (it does no harm on other platforms) and removes a couple of pcmpeqb instructions that were rendered unnecessary by r835. * Accelerated 4:2:2 upsampling routine for ARM (improves performance ~20-30% when decompressing 4:2:2 JPEGs using fancy upsampling) * Eliminate the use of the MASKMOVDQU instruction, to speed up decompression performance by 10x on AMD Bobcat embedded processors (and ~5% on AMD desktop processors.) * add tjbench to libjpeg-turbo-test packages * Guard against num_components being a ridiculous value due to a corrupt header * Preserve all 128 bits of xmm6 and xmm7 [ Matthias Klose ] * Prepare the package for quantal, basing on the 1.2.1 release tarball. * d/patches/branch-updates.diff: Update to 20120919 of the 1.2.x branch, but don't bump the version to 1.2.2. * d/patches/guard-inline-define: Remove, integrated upstream. -- Matthias Klose Thu, 20 Sep 2012 00:18:15 +0200 libjpeg-turbo (1.1.90+svn733-0ubuntu6) quantal; urgency=low * Strip -Wl,-Bsymbolic-functions out of LDFLAGS, so that hpcups and pxljr can override jinit_color_converter. LP: #777670. -- Steve Langasek Tue, 10 Jul 2012 17:03:31 +0000 libjpeg-turbo (1.1.90+svn733-0ubuntu5) quantal; urgency=low * Guard the definition of INLINE in an ifndef block, so that third parties including our headers don't get it redefined unexpectedly from under them (which cause the spice FTBFS) -- Adam Conrad Wed, 20 Jun 2012 14:26:21 -0600 # For older changelog entries, run 'apt-get changelog libturbojpeg'