testing jasper for Wheezy LTS

To: debian-lts@lists.debian.org
Subject: testing jasper for Wheezy LTS
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sun, 23 Apr 2017 13:16:53 +0200 (CEST)
Message-id: <[🔎] alpine.DEB.2.02.1704231314350.29764@jupiter.server.alteholz.net>

Hi everybody,

I uploaded version 1.900.1-13+deb7u6 of jasper to:

https://people.debian.org/~alteholz/packages/wheezy-lts/jasper/amd64/

Please give it a try and tell me about any problems you met. If you usejasper for your own projects, I would be also interested whether you canstill build it with that new version.


Thanks!
 Thorsten



   * CVE-2016-9591
     Use-after-free on heap in jas_matrix_destroy
     The vulnerability exists in code responsible for re-encoding the
     decoded input image file to a JP2 image. The vulnerability is
     caused by not setting related pointers to be null after the
     pointers are freed (i.e. missing Setting-Pointer-Null operations
     after free). The vulnerability can further cause double-free.
   * CVE-2016-10251
     Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in
     JasPer before 1.900.20 allows remote attackers to have unspecified
     impact via a crafted file, which triggers use of an uninitialized
     value.
   * fix for TEMP-CVE from last upload to avoid hassle with SIZE_MAX

Reply to:

Follow-Ups:
- Re: testing jasper for Wheezy LTS
  - From: Emilio Pozuelo Monfort <pochu@debian.org>

Prev by Date: Re: April report
Next by Date: Mysql 5.5.55
Previous by thread: Wheezy update of squirrelmail?
Next by thread: Re: testing jasper for Wheezy LTS
Index(es):
- Date
- Thread