Format: 1.8
Date: Wed, 27 Jun 2018 07:48:44 -0400
Source: jasper
Binary: libjasper1 libjasper-dev libjasper-runtime
Architecture: powerpc
Version: 1.900.1-debian1-2.4ubuntu1.2
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 libjasper-dev - Development files for the JasPer JPEG-2000 library
 libjasper-runtime - Programs for manipulating JPEG-2000 files
 libjasper1 - JasPer JPEG-2000 runtime library
Changes:
 jasper (1.900.1-debian1-2.4ubuntu1.2) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: double-free in jasper_image_stop_load
     - debian/patches/CVE-2015-5203-CVE-2016-9262.patch: fix overflow and
       double free in src/libjasper/base/jas_image.c,
       src/libjasper/include/jasper/jas_math.h. (Thanks to Red Hat for the
       patch!)
     - CVE-2015-5203
   * SECURITY UPDATE: use-after-free in mif_process_cmpt
     - debian/patches/CVE-2015-5221.patch: fix use-after-free in
       src/libjasper/mif/mif_cod.c.
     - CVE-2015-5221
   * SECURITY UPDATE: denial of service in jpc_tsfb_synthesize
     - debian/patches/CVE-2016-10248.patch: fix type promotion and prevent
       null pointer dereference in src/libjasper/include/jasper/jas_seq.h,
       src/libjasper/jpc/jpc_dec.c, src/libjasper/jpc/jpc_tsfb.c.
     - CVE-2016-10248
   * SECURITY UPDATE: denial of service in jp2_colr_destroy
     - debian/patches/CVE-2016-10250.patch: fix cleanup in
       src/libjasper/jp2/jp2_cod.c.
     - CVE-2016-10250
   * SECURITY UPDATE: denial of service in jpc_dec_tiledecode
     - debian/patches/CVE-2016-8883.patch: remove asserts in
       src/libjasper/jpc/jpc_dec.c.
     - CVE-2016-8883
   * SECURITY UPDATE: denial of service in jp2_colr_destroy
     - debian/patches/CVE-2016-8887.patch: don't destroy box that doesn't
       exist in src/libjasper/jp2/jp2_cod.c, src/libjasper/jp2/jp2_dec.c.
     - CVE-2016-8887
   * SECURITY UPDATE: integer overflow in jpc_dec_process_siz
     - debian/patches/CVE-2016-9387-1.patch: fix overflow in
       src/libjasper/jpc/jpc_dec.c.
     - debian/patches/CVE-2016-9387-2.patch: add more checks to
       src/libjasper/jpc/jpc_dec.c.
     - CVE-2016-9387
   * SECURITY UPDATE: denial of service in ras_getcmap
     - debian/patches/CVE-2016-9388.patch: remove assertions in
       src/libjasper/ras/ras_dec.c, src/libjasper/ras/ras_enc.c.
     - CVE-2016-9388
   * SECURITY UPDATE: denial of service in jpc_irct and jpc_iict functions
     - debian/patches/CVE-2016-9389.patch: add check to
       src/libjasper/base/jas_image.c, src/libjasper/jpc/jpc_dec.c,
       src/libjasper/include/jasper/jas_image.h.
     - CVE-2016-9389
   * SECURITY UPDATE: denial of service in jas_seq2d_create
     - debian/patches/CVE-2016-9390.patch: check tiles in
       src/libjasper/jpc/jpc_cs.c.
     - CVE-2016-9390
   * SECURITY UPDATE: denial of service in jpc_bitstream_getbits
     - debian/patches/CVE-2016-9391.patch: add tests to
       src/libjasper/jpc/jpc_bs.c, src/libjasper/jpc/jpc_cs.c.
     - CVE-2016-9391
   * SECURITY UPDATE: multiple denial of service issues
     - debian/patches/CVE-2016-9392-3-4.patch: add more checks to
       src/libjasper/jpc/jpc_cs.c.
     - CVE-2016-9392
     - CVE-2016-9393
     - CVE-2016-9394
   * SECURITY UPDATE: denial of service in JPC_NOMINALGAIN
     - debian/patches/CVE-2016-9396.patch: add check to
       src/libjasper/jpc/jpc_cs.c.
     - CVE-2016-9396
   * SECURITY UPDATE: denial of service via crafted image
     - debian/patches/CVE-2016-9600.patch: add more checks to
       src/libjasper/jp2/jp2_enc.c.
     - CVE-2016-9600
   * SECURITY UPDATE: NULL pointer exception in jp2_encode
     - debian/patches/CVE-2017-1000050.patch: check number of components in
       src/libjasper/jp2/jp2_enc.c.
     - CVE-2017-1000050
   * SECURITY UPDATE: denial of service in jp2_cdef_destroy
     - debian/patches/CVE-2017-6850.patch: initialize data in
       src/libjasper/base/jas_stream.c, src/libjasper/jp2/jp2_cod.c.
     - CVE-2017-6850
Original-Maintainer: Roland Stigge