Sync jasper 1.900.1-debian1-2.4 (main) from Debian unstable (main)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
jasper (Ubuntu) | Fix Released | Wishlist | Unassigned | | |
Bug Description
Please sync jasper 1.900.1-debian1-2.4 (main) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
* SECURITY UPDATE: denial of service or code execution via off-by-one
- debian/
src/
- CVE-2014-8157
* SECURITY UPDATE: denial of service or code execution via memory
corruption
- debian/
sensible buffer sizes in src/libjasper/
- CVE-2014-8158
Debian fixed CVEs, as well.
Changelog entries since current vivid version 1.900.1-
jasper (1.900.
* Non-maintainer upload.
* Add 07-CVE-
CVE-2014-8157: dec->numtiles off-by-one check in jpc_dec_
(Closes: #775970)
* Add 08-CVE-
CVE-2014-8158: unrestricted stack memory use in jpc_qmfb.c (Closes: #775970)
-- Salvatore Bonaccorso <email address hidden> Thu, 22 Jan 2015 17:09:24 +0100
Changed in jasper (Ubuntu): | |
importance: | Undecided → Wishlist |
This bug was fixed in the package jasper - 1.900.1-debian1-2.4
Sponsored for Artur Rona (ari-tczew)
---------------
jasper (1.900.1-debian1-2.4) unstable; urgency=high
* Non-maintainer upload.
* Add 07-CVE-2014-8157.patch patch.
CVE-2014-8157: dec->numtiles off-by-one check in jpc_dec_process_sot().
(Closes: #775970)
* Add 08-CVE-2014-8158.patch patch.
CVE-2014-8158: unrestricted stack memory use in jpc_qmfb.c (Closes: #775970)
-- Salvatore Bonaccorso <email address hidden> Thu, 22 Jan 2015 17:09:24 +0100