Ubuntu
libjpeg-turbo package

Bug #1025537
Comment #3

Comment 3 for bug 1025537

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-09-19:

This bug was fixed in the package libjpeg-turbo - 1.2.1-0ubuntu1

---------------
libjpeg-turbo (1.2.1-0ubuntu1) quantal; urgency=low

  [ Tom Gall ]
  * Update to stable 1.2.1. LP: #1012861.
    * Addresses CVE-2012-2806. LP: #1025537.
      A Heap-based buffer overflow was found in the way libjpeg-turbo
      decompressed certain corrupt JPEG images in which the component count
      was erroneously set to a large value. An attacker could create a
      specially-crafted JPEG image that, when opened, could cause an
      application using libpng to crash or, possibly, execute arbitrary code
      with the privileges of the user running the application.
    * Cosmetic fixes to argument lists
    * Added flags to the TurboJPEG API that allow the caller to force
      the use of either the fast or the accurate DCT/IDCT algorithms
      in the underlying codec.
    * More recent versions of autoconf add -traditional-cpp to the CPP
      flags, which causes jsimdcfg.inc.h to not preprocess correctly
      unless we expand all of the instances of the #definev macro.
    * Fixed regression caused by a bug in the 32-bit strict memory access
      code in jdmrgss2.asm (contributed by Chromium to stop valgrind from
      whining whenever the output buffer size was not evenly divisible by
      16 bytes.) On Linux/x86, this regression generated incorrect
      pixels on the right-hand side of images whose rows were not 16-byte
      aligned, whenever fancy upsampling was used. This patch also
      enables the strict memory access code on all platforms, not just
      Linux (it does no harm on other platforms) and removes a couple of
      pcmpeqb instructions that were rendered unnecessary by r835.
    * Accelerated 4:2:2 upsampling routine for ARM (improves
      performance ~20-30% when decompressing 4:2:2 JPEGs using
      fancy upsampling)
    * Eliminate the use of the MASKMOVDQU instruction, to speed
      up decompression performance by 10x on AMD Bobcat embedded
      processors (and ~5% on AMD desktop processors.)
    * add tjbench to libjpeg-turbo-test packages
    * Guard against num_components being a ridiculous
      value due to a corrupt header
    * Preserve all 128 bits of xmm6 and xmm7

  [ Matthias Klose ]
  * Prepare the package for quantal, basing on the 1.2.1 release tarball.
  * d/patches/branch-updates.diff: Update to 20120919 of the 1.2.x branch,
    but don't bump the version to 1.2.2.
  * d/patches/guard-inline-define: Remove, integrated upstream.
-- Matthias Klose <email address hidden> Thu, 20 Sep 2012 00:18:15 +0200

This bug was fixed in the package libjpeg-turbo - 1.2.1-0ubuntu1

---------------
libjpeg-turbo (1.2.1-0ubuntu1) quantal; urgency=low

[ Tom Gall ]
  * Update to stable 1.2.1. LP: #1012861.
    * Addresses CVE-2012-2806. LP: #1025537.
      A Heap-based buffer overflow was found in the way libjpeg-turbo
      decompressed certain corrupt JPEG images in which the component count
      was erroneously set to a large value. An attacker could create a
      specially-crafted JPEG image that, when opened, could cause an
      application using libpng to crash or, possibly, execute arbitrary code
      with the privileges of the user running the application.
    * Cosmetic fixes to argument lists
    * Added flags to the TurboJPEG API that allow the caller to force
      the use of either the fast or the accurate DCT/IDCT algorithms
      in the underlying codec.
    * More recent versions of autoconf add -traditional-cpp to the CPP
      flags, which causes jsimdcfg.inc.h to not preprocess correctly
      unless we expand all of the instances of the #definev macro.
    * Fixed regression caused by a bug in the 32-bit strict memory access
      code in jdmrgss2.asm (contributed by Chromium to stop valgrind from
      whining whenever the output buffer size was not evenly divisible by
      16 bytes.)  On Linux/x86, this regression generated incorrect
      pixels on the right-hand side of images whose rows were not 16-byte
      aligned, whenever fancy upsampling was used.  This patch also
      enables the strict memory access code on all platforms, not just
      Linux (it does no harm on other platforms) and removes a couple of
      pcmpeqb instructions that were rendered unnecessary by r835.
    * Accelerated 4:2:2 upsampling routine for ARM (improves
      performance ~20-30% when decompressing 4:2:2 JPEGs using
      fancy upsampling)
    * Eliminate the use of the MASKMOVDQU instruction, to speed
      up decompression performance by 10x on AMD Bobcat embedded
      processors (and ~5% on AMD desktop processors.)
    * add tjbench to libjpeg-turbo-test packages
    * Guard against num_components being a ridiculous
      value due to a corrupt header
    * Preserve all 128 bits of xmm6 and xmm7

[ Matthias Klose ]
  * Prepare the package for quantal, basing on the 1.2.1 release tarball.
  * d/patches/branch-updates.diff: Update to 20120919 of the 1.2.x branch,
    but don't bump the version to 1.2.2.
  * d/patches/guard-inline-define: Remove, integrated upstream.
 -- Matthias Klose <doko@ubuntu.com>   Thu, 20 Sep 2012 00:18:15 +0200

Ubuntulibjpeg-turbo package

Comment 3 for bug 1025537

Ubuntu
libjpeg-turbo package