internal jasper should be patched for CVE-2007-2721
Bug #153765 reported by
Ralph Giles
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ghostscript (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Dapper |
Invalid
|
Undecided
|
Unassigned | ||
Edgy |
Invalid
|
Undecided
|
Unassigned | ||
Feisty |
Invalid
|
Undecided
|
Unassigned | ||
Gutsy |
Fix Released
|
Medium
|
Kees Cook | ||
Hardy |
Fix Released
|
Medium
|
Unassigned | ||
gs-gpl (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Dapper |
Invalid
|
Undecided
|
Unassigned | ||
Edgy |
Fix Released
|
Medium
|
Kees Cook | ||
Feisty |
Fix Released
|
Medium
|
Kees Cook | ||
Gutsy |
Invalid
|
Undecided
|
Unassigned | ||
Hardy |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: ghostscript
The memory corruption issue with malformed input in jasper described in CVE-2007-2721 also applies to the modified copy of the jasper 1.701 jpeg2k library included with Ghostscript. The same patch should be applied to the version in the Ghostscript package.
We've made the change upstream in r8298. http://
Changed in gs-gpl: | |
status: | New → Invalid |
To post a comment you must log in.
Thanks for the heads-up! We will prepare updates. Is there a reason that ghostscript doesn't link against the system libjasper instead?