testing jasper for Wheezy LTS

To: debian-lts@lists.debian.org
Subject: testing jasper for Wheezy LTS
From: Thorsten Alteholz <debian@alteholz.de>
Date: Wed, 30 Nov 2016 20:27:30 +0100 (CET)
Message-id: <[🔎] alpine.DEB.2.02.1611302013140.8093@jupiter.server.alteholz.net>

Hi everybody,

I uploaded version 1.900.1-13+deb7u5 of jasper to:

https://people.debian.org/~alteholz/packages/wheezy-lts/jasper/amd64/

Please give it a try and tell me about any problems you met.

As upstream is basically doing only bugfixes now, I would suggest to notproceed with patching the current version in Wheezy, but uploading thelatest upstream version. Wheezy now has 1.900.1, whereas upstream is at1.900.31, respectively switched to 2.0.1.In case of thunderous applause, I would upload the most preferredversion in December, any comments?


Thanks!
 Thorsten



   * CVE-2016-8691
     FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c
   * CVE-2016-8692
     FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c
   * CVE-2016-8693
     attempting double-free ... mem_close ... jas_stream.c
   * CVE-2016-8882
     segfault / null pointer access in jpc_pi_destroy
   * CVE-2016-9560
     stack-based buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c)
   * CVE-2016-8887 part 1 + 2
     NULL pointer dereference in jp2_colr_destroy (jp2_cod.c)
   * CVE-2016-8654
     Heap-based buffer overflow in QMFB code in JPC codec
   * CVE-2016-8883
     assert in jpc_dec_tiledecode()
   * TEMP-CVE
     heap-based buffer overflow in jpc_dec_tiledecode (jpc_dec.c)

Reply to:

Prev by Date: monit/CVE-2016-7067: call for testing
Next by Date: Re: monit/CVE-2016-7067: call for testing
Previous by thread: Re: monit/CVE-2016-7067: call for testing
Next by thread: nss security update package ready for review
Index(es):
- Date
- Thread