-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 30 Nov 2016 19:03:02 +0100 Source: jasper Binary: libjasper1 libjasper-dev libjasper-runtime Architecture: source amd64 Version: 1.900.1-13+deb7u5 Distribution: wheezy-security Urgency: high Maintainer: Roland Stigge <stigge@antcom.de> Changed-By: Thorsten Alteholz <debian@alteholz.de> Description: libjasper-dev - Development files for the JasPer JPEG-2000 library libjasper-runtime - Programs for manipulating JPEG-2000 files libjasper1 - JasPer JPEG-2000 runtime library Changes: jasper (1.900.1-13+deb7u5) wheezy-security; urgency=high . * Non-maintainer upload by the Wheezy LTS Team. * CVE-2016-8691 FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c * CVE-2016-8692 FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c * CVE-2016-8693 attempting double-free ... mem_close ... jas_stream.c * CVE-2016-8882 segfault / null pointer access in jpc_pi_destroy * CVE-2016-9560 stack-based buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c) * CVE-2016-8887 part 1 + 2 NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) * CVE-2016-8654 Heap-based buffer overflow in QMFB code in JPC codec * CVE-2016-8883 assert in jpc_dec_tiledecode() * TEMP-CVE heap-based buffer overflow in jpc_dec_tiledecode (jpc_dec.c) Checksums-Sha1: c85bfd5e7e8046d809a6e47cc675c8d71d35489d 2051 jasper_1.900.1-13+deb7u5.dsc a20dc389f5962661b7ab81777c8316f8faee3a99 1143400 jasper_1.900.1.orig.tar.gz 4eaba535839e6b2265c218b3e2c04c47654ec32e 38441 jasper_1.900.1-13+deb7u5.debian.tar.gz 2c983220dff0d8e3269267f971d2d19946d18015 160498 libjasper1_1.900.1-13+deb7u5_amd64.deb 8c382b7b67bc45ab7e04cc95c99939cc35a78a03 569782 libjasper-dev_1.900.1-13+deb7u5_amd64.deb d7fdbde64b0e63c65bfde3278f2b8c44fe30e3f3 27806 libjasper-runtime_1.900.1-13+deb7u5_amd64.deb Checksums-Sha256: 546b755c6d9b0683c7bf79d7a78e10c85830f6dd8dfe0e76914291899dd9a79f 2051 jasper_1.900.1-13+deb7u5.dsc 6cf104e2811f6088ca1dc76d87dd27c55178d3ccced20db8858d28ae22911a94 1143400 jasper_1.900.1.orig.tar.gz 45387215521927945ec183bf2723d8ca2394bb365ee430650a329764bbf225df 38441 jasper_1.900.1-13+deb7u5.debian.tar.gz cff8b2dfb9dd35d6296cda91b794ed3adb3a5392e1070a018cd8d5d1a940efee 160498 libjasper1_1.900.1-13+deb7u5_amd64.deb 609b472ef329b02e6a33c347bebb5c1d3ed6bbc38acc4bce16bf8fd15a17a37a 569782 libjasper-dev_1.900.1-13+deb7u5_amd64.deb 5a67c51dd543962d013d460bd6e29d79e6f2caf4277ec6dd1de811b73b810f7d 27806 libjasper-runtime_1.900.1-13+deb7u5_amd64.deb Files: 9299d8a2905e1c1734e6eb0c4a5b882f 2051 graphics optional jasper_1.900.1-13+deb7u5.dsc 4ae3dd938fd15f22f30577db5c9f27e9 1143400 graphics optional jasper_1.900.1.orig.tar.gz 5d2a5a6e05e96d7124b448b1336d4894 38441 graphics optional jasper_1.900.1-13+deb7u5.debian.tar.gz 6c705ae8c10f2d66455560ebb3da3d20 160498 libs optional libjasper1_1.900.1-13+deb7u5_amd64.deb 2333ca31189271bd08484d0a5e359d6e 569782 libdevel optional libjasper-dev_1.900.1-13+deb7u5_amd64.deb 09227b1394f475d5a1c62b707b462e51 27806 graphics optional libjasper-runtime_1.900.1-13+deb7u5_amd64.deb -----BEGIN PGP SIGNATURE----- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlhMIQlfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYR9zKD/0YsBoRWU+csRQWtLBcbuRGY9bXxMC3 HJFV2PJtue/4a2q9HAe7plzsHWxQnCuj9NV88e846Lla01tEqgqfKJ76RDsHzMfU YMn2/iQ5GzygHz2MBNM1BO/LxjJFTCFJpOmuJ82apq3Ssl35fHbOPhon42fzXY+O 81eAzDdeoyw3+qMVHe3HjgWSZ59X1qqVhmnO8fO8hlMxDlTiBpWKlcpIqyATUc8l UQFpJWm/Dh4gdmknAtzIBsxV6ejGLySBcQJj5/877vSwNgh9qF68gnS4Ffu2fHtL lcR4MRBnXFrMuvozKRt7YfPQGau9OMtiViI9Q5+5EmL92iNfdFJAY4hdUXviV5yt kvX7j8as6W3LbJJCF+CaUOkPlnEc/EHY2YnrD4WoHG/qYt8WfdOa+N8/84/jKiSm oB73ZE9zLZ7FRbJBqCGKo3eiQvTBSy94Xf9g7oHMbvvM5/HszGe69enlRaFrRO5Y KR6QUsaJoLwNi+WFKKOTjD6vX4GenJlPKNKgfevdU7KcPro/CvlxmdyBCcyhsJG9 TKsiPE/OmCLj0CUTW6wMqWxQTPLSYrdES9cm88YIz8hliiWe9DEX7qwQuFCjsJgi h9mjGnTYBXXKg/RxJtsmdIsyA90MdCumOPljx0m6c/DDhv2GyNlgV1GnxOKDpY27 iw/K3QpHMQwsZw== =trnt -----END PGP SIGNATURE-----
