
testing jasper for Wheezy LTS

Hi everybody,

I uploaded version 1.900.1-13+deb7u5 of jasper to:


Please give it a try and tell me about any problems you encounter.

As upstream is basically doing only bugfixes now, I would suggest not proceeding with patching the current version in Wheezy, but uploading the latest upstream version instead. Wheezy now has 1.900.1, whereas upstream is at 1.900.31, or rather has switched to 2.0.1. In case of thunderous applause, I would upload the most preferred version in December. Any comments?


   * CVE-2016-8691
     FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c
   * CVE-2016-8692
     FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c
   * CVE-2016-8693
     attempting double-free ... mem_close ... jas_stream.c
   * CVE-2016-8882
     segfault / null pointer access in jpc_pi_destroy
   * CVE-2016-9560
     stack-based buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c)
   * CVE-2016-8887 part 1 + 2
     NULL pointer dereference in jp2_colr_destroy (jp2_cod.c)
   * CVE-2016-8654
     Heap-based buffer overflow in QMFB code in JPC codec
   * CVE-2016-8883
     assert in jpc_dec_tiledecode()
     heap-based buffer overflow in jpc_dec_tiledecode (jpc_dec.c)
