[ubuntu/vivid-proposed] jasper 1.900.1-debian1-2.3ubuntu1 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Thu Jan 22 18:32:34 UTC 2015
jasper (1.900.1-debian1-2.3ubuntu1) vivid; urgency=medium
* SECURITY UPDATE: denial of service or code execution via off-by-one
- debian/patches/07-CVE-2014-8157.patch: fix off-by-one in
src/libjasper/jpc/jpc_dec.c.
- CVE-2014-8157
* SECURITY UPDATE: denial of service or code execution via memory
corruption
- debian/patches/08-CVE-2014-8158.patch: remove HAVE_VLA to use more
sensible buffer sizes in src/libjasper/jpc/jpc_qmfb.c.
- CVE-2014-8158
Date: Thu, 22 Jan 2015 13:01:38 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/jasper/1.900.1-debian1-2.3ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 22 Jan 2015 13:01:38 -0500
Source: jasper
Binary: libjasper1 libjasper-dev libjasper-runtime
Architecture: source
Version: 1.900.1-debian1-2.3ubuntu1
Distribution: vivid
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libjasper-dev - Development files for the JasPer JPEG-2000 library
libjasper-runtime - Programs for manipulating JPEG-2000 files
libjasper1 - JasPer JPEG-2000 runtime library
Changes:
jasper (1.900.1-debian1-2.3ubuntu1) vivid; urgency=medium
.
* SECURITY UPDATE: denial of service or code execution via off-by-one
- debian/patches/07-CVE-2014-8157.patch: fix off-by-one in
src/libjasper/jpc/jpc_dec.c.
- CVE-2014-8157
* SECURITY UPDATE: denial of service or code execution via memory
corruption
- debian/patches/08-CVE-2014-8158.patch: remove HAVE_VLA to use more
sensible buffer sizes in src/libjasper/jpc/jpc_qmfb.c.
- CVE-2014-8158
Checksums-Sha1:
6fe96ca8ee692bf10aa6a79458f35ec7f10dbe1f 2034 jasper_1.900.1-debian1-2.3ubuntu1.dsc
bf73055acf14cd529218e8988ea7d0602ae644c6 29716 jasper_1.900.1-debian1-2.3ubuntu1.debian.tar.xz
Checksums-Sha256:
3beebd4724a3cb9af49992aa60a78d5bbb6e51ac47b6b80dfc2afaaa35fdaa70 2034 jasper_1.900.1-debian1-2.3ubuntu1.dsc
529fcb7044ee0c2da3798d06d5139a551068834d352335739c4ddcdbea8286e6 29716 jasper_1.900.1-debian1-2.3ubuntu1.debian.tar.xz
Files:
91907fc08f66a1eb28bce0848f4cbe3f 2034 graphics optional jasper_1.900.1-debian1-2.3ubuntu1.dsc
bd75f54729beff4a6839fbbf23d3d0f2 29716 graphics optional jasper_1.900.1-debian1-2.3ubuntu1.debian.tar.xz
Original-Maintainer: Roland Stigge <stigge at antcom.de>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJUwUGBAAoJEGVp2FWnRL6TBnEP/1HDQIoxgSKYBBWBl8xRfD4w
BONnasF+qxrr+8zs3rYwazN8EXLo1d7vhqrLQ7X+MjAVrciEIsaUqYp6eao4S798
HKWEosiXqWw+LhA4ghr4zzPDgKX+YbNkl1setXkQ72zISpPqbE13EfkxnMWvsP0w
SE1r9A0cq1YQEaUJ/y5xAq2eBRlg6LZC8eAP+zoGEZuLWChOmLYk3R5vINDaA/WZ
5Ai+68M10zqs0f4myPkJ/NQGn4V81nDH2cycc4A5XwPSqTWiYWWzG/TeXZJlJsuW
FyBheFw2s7en1V08F1v8NHeOK0gBly9z0px4PsqZMan0rxYgMWFaSXNHBeGElaYf
aFbo+ldPY1sKqJO8FMEGTiijIp+UxnLvIZoi9rgiDHoKaaGwT7z/D6VGnA42c60B
eaWT3eeaLlZzGl5oej5nGdNh9kD1jN2ZjJW4OsKcuZT+wZUFbF5r5LjR0OI7ehPU
eF+n0PfoRfX9UOd726/uHFnQ+loZkZTnb7JpK2tOJ1uVd4gwyw1P3VD3xCxoTFyP
I7qNpzAcdc1ylWp5O5bJYoKnvUmM928p4RBNDTuLHB7RhwybfzRyhAthy8DEN5+J
MBlimlHspTiHSU8rVFjXDXGIdncflMBXx3/ZuaAaOWTBbN1F4pbR8GYITiPnCs7D
IexX9KfPWbfaDOqgcQRo
=ASIW
-----END PGP SIGNATURE-----
More information about the Vivid-changes
mailing list