package/jpeg-turbo: security bump to version 2.0.5

Fixes the following security issue:

- CVE-2020-13790: ibjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based
  buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input

For more details, see the release notes:

Signed-off-by: Heiko Stuebner <>
[Peter: mark as security bump / extend commit message]
Signed-off-by: Peter Korsgaard <>
2 files changed