4 files changed, 22 insertions, 0 deletions

diff --git a/REUSE.toml b/REUSE.toml
index bf5beed..c4a0278 100644
--- a/REUSE.toml
+++ b/REUSE.toml
@@ -6,6 +6,10 @@ SPDX-FileCopyrightText = 'None'
 SPDX-License-Identifier = 'CC0-1.0'
 
 [[annotations]]
+path = 'bugs/cve/2012/2806/cnode0006-heap-buffer-overflow-796.jpg'
+SPDX-FileCopyrightText = '2012 Chris Evans'
+
+[[annotations]]
 path = 'bugs/cve/2013/7437/1.bmp'
 SPDX-FileCopyrightText = '2013 Murray McAllister'
 
diff --git a/bugs/README.md b/bugs/README.md
index cc493a5..888f4f7 100644
--- a/bugs/README.md
+++ b/bugs/README.md
@@ -50,6 +50,11 @@
 
 ## libjpeg-turbo
 
+- CVE-2012-2806: [heap buffer overflow][chromium-40058947]
+
+      guix shell libjpeg-turbo@1.2.0
+      djpeg cve/2012/2806/cnode0006-heap-buffer-overflow-796.jpg
+
 - CVE-2017-15232: [null pointer dereference][mozjpeg-268]
 
       guix shell libjpeg-turbo@1.5.2
diff --git a/bugs/cve/2012/2806/cnode0006-heap-buffer-overflow-796.jpg b/bugs/cve/2012/2806/cnode0006-heap-buffer-overflow-796.jpg
new file mode 100644
index 0000000..f55d10d
--- /dev/null
+++ b/bugs/cve/2012/2806/cnode0006-heap-buffer-overflow-796.jpg
Binary files differdiff --git a/loftix/bugs.scm b/loftix/bugs.scm
index 51997dc..cfe16d0 100644
--- a/loftix/bugs.scm
+++ b/loftix/bugs.scm
@@ -143,6 +143,19 @@
     (arguments '(#:make-flags '("CFLAGS=-O2 -g -fsanitize=address"
                                 "LDFLAGS=-static -fsanitize=address")))))
 
+(define-public libjpeg-turbo-1.2.0-asan
+  (package
+    (inherit libjpeg-turbo-1.5.3-asan)
+    (name "libjpeg-turbo")
+    (version "1.2.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://sourceforge/libjpeg-turbo/"
+                                  version "/libjpeg-turbo-" version ".tar.gz"))
+              (sha256
+               (base32
+                "13pra36wn2djw2aq5vvbaf81m9jxdjixvpd8bw71nni9n6lv57b2"))))))
+
 (define-public libjpeg-turbo-2.0.1-asan
   (package
     (inherit libjpeg-turbo)