From 78dc70d1107dc4aaf3bd5af22a10c082f9215ccd Mon Sep 17 00:00:00 2001
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Mon, 6 Jul 2020 19:40:24 +0200
Subject: jpeg issue already fixed a few years ago take squid

---
 data/CVE/list       | 4 ++--
 data/dsa-needed.txt | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

(limited to 'data')

diff --git a/data/CVE/list b/data/CVE/list
index 75c8524b38..505badd63d 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3348,9 +3348,9 @@ CVE-2020-14153 (In IJG JPEG (aka libjpeg) before 9d, jdhuff.c has an out-of-boun
 	NOTE: Not clear what the exact change is between 9c and 9d and whether it applies to -turbo
 CVE-2020-14152 (In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs. ...)
 	- libjpeg9 1:9d-1 (low)
-	- libjpeg-turbo <unfixed> (low)
+	- libjpeg-turbo 1:1.5.2-1 (low)
 	[jessie] - libjpeg-turbo <no-dsa> (Minor issue)
-	TODO: report to libjpeg-turbo upstream
+	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/da2a27ef056a0179cbd80f9146e58b89403d9933
 CVE-2020-14151
 	REJECTED
 CVE-2020-14150 (GNU Bison before 3.5.4 allows attackers to cause a denial of service ( ...)
diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt
index cd4278c532..cead6d7444 100644
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -39,9 +39,9 @@ ruby2.5/stable
 --
 roundcube
 --
-squid/stable
+squid (jmm)
 --
-teeworlds/stable (jmm)
+teeworlds (jmm)
 --
 xcftools
   Hugo proposed to work on this update
-- 
cgit v1.2.3