Skip to content

Commit 2c5b4d9

Browse files
ffontaineffontaine
authored
fix: update libjpeg-turbo checker (#5278)
Add missing + in libjpeg-turbo pattern to avoid truncating latest digit of version (e.g, 3.0.9 instead of 3.0.90) Moreover, also update pattern to catch version on 4 digits This issue is present since the addition of the checker in 2019 Fix 8089472 Signed-off-by: Fabrice Fontaine <[email protected]>
1 parent db4961e commit 2c5b4d9

File tree

3 files changed

+8
-1
lines changed

3 files changed

+8
-1
lines changed

cve_bin_tool/checkers/libjpeg_turbo.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ class LibjpegTurboChecker(Checker):
1919
r"Invalid JPEG file structure: two SOF markers",
2020
]
2121
FILENAME_PATTERNS = [r"libjpg.so."]
22-
VERSION_PATTERNS = [r"libjpeg-turbo version ([0-9]\.[0-9]\.[0-9])"]
22+
VERSION_PATTERNS = [r"libjpeg-turbo version ([0-9]+\.[0-9]+\.[0-9]+(\.[0-9]+)?)"]
2323
VENDOR_PRODUCT = [
2424
("d.r.commander", "libjpeg-turbo"),
2525
("libjpeg-turbo", "libjpeg-turbo"),

test/condensed-downloads/libjpeg-turbo-2.1.5.1-r3.apk.tar.gz

38 KB
Binary file not shown.

test/test_data/libjpeg_turbo.py

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -33,4 +33,11 @@
3333
"version": "2.1.2",
3434
"other_products": ["libjpeg"],
3535
},
36+
{
37+
"url": "https://dl-cdn.alpinelinux.org/alpine/v3.18/main/aarch64/",
38+
"package_name": "libjpeg-turbo-2.1.5.1-r3.apk",
39+
"product": "libjpeg-turbo",
40+
"version": "2.1.5.1",
41+
"other_products": ["gcc", "libjpeg"],
42+
},
3643
]

0 commit comments

Comments
 (0)