Format: 1.7
Date: Wed, 18 Mar 2009 13:22:57 -0400
Source: jasper
Binary: libjasper-dev libjasper-runtime libjasper1
Architecture: ia64
Version: 1.900.1-3ubuntu0.7.10.1
Distribution: gutsy
Urgency: low
Maintainer: Ubuntu/ia64 Build Daemon <buildd@hooker.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description: 
 libjasper-dev - Development files for the JasPer JPEG-2000 library
 libjasper-runtime - Programs for manipulating JPEG-2000 files
 libjasper1 - The JasPer JPEG-2000 runtime library
Changes: 
 jasper (1.900.1-3ubuntu0.7.10.1) gutsy-security; urgency=low
 .
   * SECURITY UPDATE: integer overflows via integer multiplication for
     memory allocation
     - src/libjasper/include/jasper/jas_malloc.h,
       src/libjasper/base/jas_malloc.c:
       * introduce new size-checked allocation functions
     - src/libjasper/base/jas_*.c,
       src/libjasper/bmp/bmp_dec.c,
       src/libjasper/jp2/jp2_*.c,
       src/libjasper/jpc/jpc_*.c,
       src/libjasper/mif/mif_cod.c:
       * use new size-checked allocation functions
     - CVE-2008-3520
   * SECURITY UPDATE: denial of service via temporary file name prediction
     - src/libjasper/base/jas_stream.c: use mkstemp()
     - CVE-2008-3521
   * SECURITY UPDATE: buffer overflow via vsprintf in jas_stream_printf()
     - src/libjasper/base/jas_stream.c: use vsnprintf()
     - CVE-2008-3522
Files: 
 9c829058e862c106578a5cc844946d0f 221888 libs optional libjasper1_1.900.1-3ubuntu0.7.10.1_ia64.deb
 5c1079d71c0d8364f30cbb5bd1fdb50f 642796 libdevel optional libjasper-dev_1.900.1-3ubuntu0.7.10.1_ia64.deb
 2f6d129545973beb5f544a2697fab7db 34334 graphics optional libjasper-runtime_1.900.1-3ubuntu0.7.10.1_ia64.deb
Original-Maintainer: Roland Stigge <stigge@antcom.de>