[SECURITY] [DLA 138-1] jasper security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : jasper
Version : 1.900.1-7+squeeze4
CVE ID : CVE-2014-8157 CVE-2014-8158
Debian Bug : 775970
An off-by-one flaw, leading to a heap-based buffer overflow
(CVE-2014-8157), and an unrestricted stack memory use flaw
(CVE-2014-8158) were found in JasPer, a library for manipulating
JPEG-2000 files. A specially crafted file could cause an application
using JasPer to crash or, possibly, execute arbitrary code.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQJ8BAEBCgBmBQJUyTKLXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHIw4P/13xFeYn7F1QCsyvN9sGx3AA
zFyLyHzF7ru7Y3tyUass32bE3oBd4x6z23JJFNraFU0qwk3oQCf7LgIurlt7EYT6
HMKTanndVWS9JKay86oeADvTIBVYP8fj2k1rJSpkicW+dOsmc8b2HFI7JU5uCJXk
v8GEtEeCIFNyJQ7yQodm0rrnspGPI5pwm0v71wE0BP6ICQ6q7pSvPZUO8vIA/+a2
VcLsCoYLeM7TfTkQKOrA7W6tI8HnsIevFGaDsMne7XNmCz1UR/+/PSX6ZZS5ZBug
j95zj2T0b4RUOBfKgn7RKPaXZjwYWqEsqw3O/06hJs4hZGH7LuLaVyf9eny9c3F7
sHDIo0SyrOpNGh1A1yvY4fsydFkfeKTN/9aGSlTaeTVWNkWyE+rBxxEgD+5J8w1X
hGdqbfIyNheU6RDsQPqktX2HBCG+t08QzstgHCikDaczfLsBDuH3ngdHOanthsR9
G3w6u7D70JoZ4y8RKr7iXkUmu/8n/XZ3OJ7lWEL/UmsUnXJ1c4AoeNgige96ouJU
imipKbCnyxToIDyP1eGEubCadhmk9jUdCjAFIc6BF5GE82WFdY9jBh1cBqlqIf0Q
1+tMEREsq6YV9WCbt2K2K/QIklRmmhymZPgk2z4/flyl8Qw0Pg/ZSAAU3UB/lRyy
f1+ecQLNXIgIb4UMubYa
=qXGs
-----END PGP SIGNATURE-----
Reply to: