[SECURITY] [DLA 1628-1] jasper security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : jasper
Version : 1.900.1-debian1-2.4+deb8u5
CVE ID : CVE-2018-18873 CVE-2018-19139 CVE-2018-19539
CVE-2018-19540 CVE-2018-19541 CVE-2018-19542
CVE-2018-20570 CVE-2018-20584 CVE-2018-20622
Multiple issues were found in the JasPer JPEG-2000 library that could
lead to a denial-of-service (application crash), memory leaks and
potentially the execution of arbitrary code if a malformed image file
is processed.
For Debian 8 "Jessie", these problems have been fixed in version
1.900.1-debian1-2.4+deb8u5.
We recommend that you upgrade your jasper packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlwtQcdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeQHaw//XscscTqY1mWZYpCaZUaiUS0ue09aSAXyBqeQP+Sp9zi6srfu7Gx/Enxk
FCdafUlNC2H49v8eJfnnSpTaQl2y0LuDKqONM6WufERV53RI30EGeMT76qAtL26z
MprNL72RN1dG3AFwnujmKmutxjQUd/v5EWCCqgqibtX+PWF1GcJ8Kfh0j2C9rkN2
MNe+2wy7a9Z7oOBklBnb8uJ4TH67z/4P0gV0y/pAgQ677siGn7ZIAQ2CmBtwbd/4
Sr1ReDhQeVrVznEsnqYEsEQ57IyDFuMUScTkLcXloqOriF2ipjzDG+8FL3MKmUoI
hnf8vGwTu5CoLC5PtxWH+0dKXStHGTW7MatGNjrqYuX+AMoSZ9Ab6xV4fqnMn86x
aSgeM2rpUT8Umh8BMcXX5/n1OmV5gOcMo1x+9STvUZPMqgSO3i8wj37nYlUTF+9D
J9dustesQInXXfDVXrkgzyURPuo9HPwKalVxs1ezhL0swIe2ZtCyY0zopUPnLPzx
TDoKomAg+CDpdtJfTbIoGe9+9FETU/eTYr1FxewBbaQga6OiNb3jKcjuNC/864wm
/+NtC7fOktZZiXBcmNLyEAlr0ml3ZRtdgQxs3HxWmOM379p6puSOnx6JJqfVRUpB
LXeE3vltt95+aubx/sn+7p5Ja1vBhxE7PSYMb62v8tCe7ZhpjI8=
=Fw8o
-----END PGP SIGNATURE-----
Reply to: