Format: 1.8
Date: Wed, 27 Jun 2018 11:04:48 -0400
Source: jasper
Binary: libjasper1 libjasper-dev libjasper-runtime
Architecture: ppc64el
Version: 1.900.1-14ubuntu3.5
Distribution: trusty
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 libjasper-dev - Development files for the JasPer JPEG-2000 library
 libjasper-runtime - Programs for manipulating JPEG-2000 files
 libjasper1 - JasPer JPEG-2000 runtime library
Changes:
 jasper (1.900.1-14ubuntu3.5) trusty-security; urgency=medium
 .
   * SECURITY UPDATE: double-free in jasper_image_stop_load
     - debian/patches/CVE-2015-5203-CVE-2016-9262.patch: fix overflow and
       double free in src/libjasper/base/jas_image.c,
       src/libjasper/include/jasper/jas_math.h. (Thanks to Red Hat for the
       patch!)
     - CVE-2015-5203
   * SECURITY UPDATE: use-after-free in mif_process_cmpt
     - debian/patches/CVE-2015-5221.patch: fix use-after-free in
       src/libjasper/mif/mif_cod.c.
     - CVE-2015-5221
   * SECURITY UPDATE: denial of service in jpc_tsfb_synthesize
     - debian/patches/CVE-2016-10248.patch: fix type promotion and prevent
       null pointer dereference in src/libjasper/include/jasper/jas_seq.h,
       src/libjasper/jpc/jpc_dec.c, src/libjasper/jpc/jpc_tsfb.c.
     - CVE-2016-10248
   * SECURITY UPDATE: denial of service in jp2_colr_destroy
     - debian/patches/CVE-2016-10250.patch: fix cleanup in
       src/libjasper/jp2/jp2_cod.c.
     - CVE-2016-10250
   * SECURITY UPDATE: denial of service in jpc_dec_tiledecode
     - debian/patches/CVE-2016-8883.patch: remove asserts in
       src/libjasper/jpc/jpc_dec.c.
     - CVE-2016-8883
   * SECURITY UPDATE: denial of service in jp2_colr_destroy
     - debian/patches/CVE-2016-8887.patch: don't destroy box that doesn't
       exist in src/libjasper/jp2/jp2_cod.c, src/libjasper/jp2/jp2_dec.c.
     - CVE-2016-8887
   * SECURITY UPDATE: integer overflow in jpc_dec_process_siz
     - debian/patches/CVE-2016-9387-1.patch: fix overflow in
       src/libjasper/jpc/jpc_dec.c.
     - debian/patches/CVE-2016-9387-2.patch: add more checks to
       src/libjasper/jpc/jpc_dec.c.
     - CVE-2016-9387
   * SECURITY UPDATE: denial of service in ras_getcmap
     - debian/patches/CVE-2016-9388.patch: remove assertions in
       src/libjasper/ras/ras_dec.c, src/libjasper/ras/ras_enc.c.
     - CVE-2016-9388
   * SECURITY UPDATE: denial of service in jpc_irct and jpc_iict functions
     - debian/patches/CVE-2016-9389.patch: add check to
       src/libjasper/base/jas_image.c, src/libjasper/jpc/jpc_dec.c,
       src/libjasper/include/jasper/jas_image.h.
     - CVE-2016-9389
   * SECURITY UPDATE: denial of service in jas_seq2d_create
     - debian/patches/CVE-2016-9390.patch: check tiles in
       src/libjasper/jpc/jpc_cs.c.
     - CVE-2016-9390
   * SECURITY UPDATE: denial of service in jpc_bitstream_getbits
     - debian/patches/CVE-2016-9391.patch: add tests to
       src/libjasper/jpc/jpc_bs.c, src/libjasper/jpc/jpc_cs.c.
     - CVE-2016-9391
   * SECURITY UPDATE: multiple denial of service issues
     - debian/patches/CVE-2016-9392-3-4.patch: add more checks to
       src/libjasper/jpc/jpc_cs.c.
     - CVE-2016-9392
     - CVE-2016-9393
     - CVE-2016-9394
   * SECURITY UPDATE: denial of service in JPC_NOMINALGAIN
     - debian/patches/CVE-2016-9396.patch: add check to
       src/libjasper/jpc/jpc_cs.c.
     - CVE-2016-9396
   * SECURITY UPDATE: denial of service via crafted image
     - debian/patches/CVE-2016-9600.patch: add more checks to
       src/libjasper/jp2/jp2_enc.c.
     - CVE-2016-9600
   * SECURITY UPDATE: NULL pointer exception in jp2_encode
     - debian/patches/CVE-2017-1000050.patch: check number of components in
       src/libjasper/jp2/jp2_enc.c.
     - CVE-2017-1000050
   * SECURITY UPDATE: denial of service in jp2_cdef_destroy
     - debian/patches/CVE-2017-6850.patch: initialize data in
       src/libjasper/base/jas_stream.c, src/libjasper/jp2/jp2_cod.c.
     - CVE-2017-6850
Original-Maintainer: Roland Stigge