Sync jasper 1.900.1-debian1-2.4 (main) from Debian unstable (main)

Please sync jasper 1.900.1-debian1-2.4 (main) from Debian unstable (main)

Explanation of the Ubuntu delta and why it can be dropped:
  * SECURITY UPDATE: denial of service or code execution via off-by-one
    - debian/patches/07-CVE-2014-8157.patch: fix off-by-one in
      src/libjasper/jpc/jpc_dec.c.
    - CVE-2014-8157
  * SECURITY UPDATE: denial of service or code execution via memory
    corruption
    - debian/patches/08-CVE-2014-8158.patch: remove HAVE_VLA to use more
      sensible buffer sizes in src/libjasper/jpc/jpc_qmfb.c.
    - CVE-2014-8158

Debian fixed CVEs, as well.

Changelog entries since current vivid version 1.900.1-debian1-2.3ubuntu1:

jasper (1.900.1-debian1-2.4) unstable; urgency=high

  * Non-maintainer upload.
  * Add 07-CVE-2014-8157.patch patch.
    CVE-2014-8157: dec->numtiles off-by-one check in jpc_dec_process_sot().
    (Closes: #775970)
  * Add 08-CVE-2014-8158.patch patch.
    CVE-2014-8158: unrestricted stack memory use in jpc_qmfb.c (Closes: #775970)

 -- Salvatore Bonaccorso <email address hidden> Thu, 22 Jan 2015 17:09:24 +0100