-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 16 Nov 2018 18:44:08 +0100
Source: jasper
Binary: libjasper1 libjasper-dev libjasper-runtime
Architecture: source amd64
Version: 1.900.1-debian1-2.4+deb8u4
Distribution: jessie-security
Urgency: high
Maintainer: Roland Stigge <stigge@antcom.de>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libjasper-dev - Development files for the JasPer JPEG-2000 library
 libjasper-runtime - Programs for manipulating JPEG-2000 files
 libjasper1 - JasPer JPEG-2000 runtime library
Changes:
 jasper (1.900.1-debian1-2.4+deb8u4) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2015-5203: Gustavo Grieco discovered an integer overflow
     vulnerability that allows remote attackers to cause a denial of service
     or may have other unspecified impact via a crafted JPEG 2000 image file.
   * Fix CVE-2015-5221: Josselin Feist found a double-free vulnerability that
     allows remote attackers to cause a denial-of-service (application crash)
     by processing a malformed image file.
   * Fix CVE-2016-8690: Gustavo Grieco discovered a NULL pointer dereference
     vulnerability that can cause a denial-of-service via a crafted BMP image
     file. The update also includes the fixes for the related issues
     CVE-2016-8884 and CVE-2016-8885 which complete the patch for
     CVE-2016-8690.
   * Fix CVE-2017-13748: It was discovered that jasper does not properly
     release memory used to store image tile data when image decoding fails
     which may lead to a denial-of-service.
   * Fix CVE-2017-14132: A heap-based buffer over-read was found related to
     the jas_image_ishomosamp function that could be triggered via a crafted
     image file and may cause a denial-of-service (application crash) or have
     other unspecified impact.