Format: 1.8
Date: Sat, 22 Apr 2017 22:03:02 +0200
Source: jasper
Binary: libjasper1 libjasper-dev libjasper-runtime
Architecture: source amd64
Version: 1.900.1-13+deb7u6
Distribution: wheezy-security
Urgency: high
Maintainer: Roland Stigge <stigge@antcom.de>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 libjasper-dev - Development files for the JasPer JPEG-2000 library
 libjasper-runtime - Programs for manipulating JPEG-2000 files
 libjasper1 - JasPer JPEG-2000 runtime library
Changes:
 jasper (1.900.1-13+deb7u6) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Wheezy LTS Team.
   * CVE-2016-9591
     Use-after-free on heap in jas_matrix_destroy
     The vulnerability exists in code responsible for re-encoding the
     decoded input image file to a JP2 image. The vulnerability is
     caused by not setting related pointers to be null after the
     pointers are freed (i.e. missing Setting-Pointer-Null operations
     after free). The vulnerability can further cause double-free.
   * CVE-2016-10251
     Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c
     in JasPer before 1.900.20 allows remote attackers to have
     unspecified impact via a crafted file, which triggers use of an
     uninitialized value.
   * fix for TEMP-CVE from last upload to avoid hassle with SIZE_MAX