Change log for jasper package in Ubuntu
jasper (1.900.1-debian1-2.4ubuntu1.3) xenial-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2018-18873.patch: check components for RGB, fixes NULL pointer dereference in src/libjasper/ras/ras_enc.c.
    - CVE-2018-18873
  * SECURITY UPDATE: Null pointer dereference
    - debian/patches/CVE-2018-19542-and-CVE-2017-9782.patch: fix numchans mixup, NULL dereference in src/libjasper/jp2/jp2_dec.c.
    - CVE-2018-19542
    - CVE-2017-9782
  * SECURITY UPDATE: Out of bounds write
    - debian/patches/CVE-2020-27828.patch: avoid maxrlvls more than upper bound to cause heap-buffer-overflow in src/libjasper/jpc/jpc_enc.c.
    - CVE-2020-27828

 -- Leonidas Da Silva Barbosa <email address hidden>  Fri, 08 Jan 2021 11:19:23 -0300
jasper (1.900.1-14ubuntu3.5) trusty-security; urgency=medium

  * SECURITY UPDATE: double-free in jasper_image_stop_load
    - debian/patches/CVE-2015-5203-CVE-2016-9262.patch: fix overflow and double free in src/libjasper/base/jas_image.c, src/libjasper/include/jasper/jas_math.h. (Thanks to Red Hat for the patch!)
    - CVE-2015-5203
  * SECURITY UPDATE: use-after-free in mif_process_cmpt
    - debian/patches/CVE-2015-5221.patch: fix use-after-free in src/libjasper/mif/mif_cod.c.
    - CVE-2015-5221
  * SECURITY UPDATE: denial of service in jpc_tsfb_synthesize
    - debian/patches/CVE-2016-10248.patch: fix type promotion and prevent null pointer dereference in src/libjasper/include/jasper/jas_seq.h, src/libjasper/jpc/jpc_dec.c, src/libjasper/jpc/jpc_tsfb.c.
    - CVE-2016-10248
  * SECURITY UPDATE: denial of service in jp2_colr_destroy
    - debian/patches/CVE-2016-10250.patch: fix cleanup in src/libjasper/jp2/jp2_cod.c.
    - CVE-2016-10250
  * SECURITY UPDATE: denial of service in jpc_dec_tiledecode
    - debian/patches/CVE-2016-8883.patch: remove asserts in src/libjasper/jpc/jpc_dec.c.
    - CVE-2016-8883
  * SECURITY UPDATE: denial of service in jp2_colr_destroy
    - debian/patches/CVE-2016-8887.patch: don't destroy box that doesn't exist in src/libjasper/jp2/jp2_cod.c, src/libjasper/jp2/jp2_dec.c.
    - CVE-2016-8887
  * SECURITY UPDATE: integer overflow in jpc_dec_process_siz
    - debian/patches/CVE-2016-9387-1.patch: fix overflow in src/libjasper/jpc/jpc_dec.c.
    - debian/patches/CVE-2016-9387-2.patch: add more checks to src/libjasper/jpc/jpc_dec.c.
    - CVE-2016-9387
  * SECURITY UPDATE: denial of service in ras_getcmap
    - debian/patches/CVE-2016-9388.patch: remove assertions in src/libjasper/ras/ras_dec.c, src/libjasper/ras/ras_enc.c.
    - CVE-2016-9388
  * SECURITY UPDATE: denial of service in jpc_irct and jpc_iict functions
    - debian/patches/CVE-2016-9389.patch: add check to src/libjasper/base/jas_image.c, src/libjasper/jpc/jpc_dec.c, src/libjasper/include/jasper/jas_image.h.
    - CVE-2016-9389
  * SECURITY UPDATE: denial of service in jas_seq2d_create
    - debian/patches/CVE-2016-9390.patch: check tiles in src/libjasper/jpc/jpc_cs.c.
    - CVE-2016-9390
  * SECURITY UPDATE: denial of service in jpc_bitstream_getbits
    - debian/patches/CVE-2016-9391.patch: add tests to src/libjasper/jpc/jpc_bs.c, src/libjasper/jpc/jpc_cs.c.
    - CVE-2016-9391
  * SECURITY UPDATE: multiple denial of service issues
    - debian/patches/CVE-2016-9392-3-4.patch: add more checks to src/libjasper/jpc/jpc_cs.c.
    - CVE-2016-9392
    - CVE-2016-9393
    - CVE-2016-9394
  * SECURITY UPDATE: denial of service in JPC_NOMINALGAIN
    - debian/patches/CVE-2016-9396.patch: add check to src/libjasper/jpc/jpc_cs.c.
    - CVE-2016-9396
  * SECURITY UPDATE: denial of service via crafted image
    - debian/patches/CVE-2016-9600.patch: add more checks to src/libjasper/jp2/jp2_enc.c.
    - CVE-2016-9600
  * SECURITY UPDATE: NULL pointer exception in jp2_encode
    - debian/patches/CVE-2017-1000050.patch: check number of components in src/libjasper/jp2/jp2_enc.c.
    - CVE-2017-1000050
  * SECURITY UPDATE: denial of service in jp2_cdef_destroy
    - debian/patches/CVE-2017-6850.patch: initialize data in src/libjasper/base/jas_stream.c, src/libjasper/jp2/jp2_cod.c.
    - CVE-2017-6850

 -- Marc Deslauriers <email address hidden>  Wed, 27 Jun 2018 11:04:48 -0400
jasper (1.900.1-debian1-2.4ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: double-free in jasper_image_stop_load
    - debian/patches/CVE-2015-5203-CVE-2016-9262.patch: fix overflow and double free in src/libjasper/base/jas_image.c, src/libjasper/include/jasper/jas_math.h. (Thanks to Red Hat for the patch!)
    - CVE-2015-5203
  * SECURITY UPDATE: use-after-free in mif_process_cmpt
    - debian/patches/CVE-2015-5221.patch: fix use-after-free in src/libjasper/mif/mif_cod.c.
    - CVE-2015-5221
  * SECURITY UPDATE: denial of service in jpc_tsfb_synthesize
    - debian/patches/CVE-2016-10248.patch: fix type promotion and prevent null pointer dereference in src/libjasper/include/jasper/jas_seq.h, src/libjasper/jpc/jpc_dec.c, src/libjasper/jpc/jpc_tsfb.c.
    - CVE-2016-10248
  * SECURITY UPDATE: denial of service in jp2_colr_destroy
    - debian/patches/CVE-2016-10250.patch: fix cleanup in src/libjasper/jp2/jp2_cod.c.
    - CVE-2016-10250
  * SECURITY UPDATE: denial of service in jpc_dec_tiledecode
    - debian/patches/CVE-2016-8883.patch: remove asserts in src/libjasper/jpc/jpc_dec.c.
    - CVE-2016-8883
  * SECURITY UPDATE: denial of service in jp2_colr_destroy
    - debian/patches/CVE-2016-8887.patch: don't destroy box that doesn't exist in src/libjasper/jp2/jp2_cod.c, src/libjasper/jp2/jp2_dec.c.
    - CVE-2016-8887
  * SECURITY UPDATE: integer overflow in jpc_dec_process_siz
    - debian/patches/CVE-2016-9387-1.patch: fix overflow in src/libjasper/jpc/jpc_dec.c.
    - debian/patches/CVE-2016-9387-2.patch: add more checks to src/libjasper/jpc/jpc_dec.c.
    - CVE-2016-9387
  * SECURITY UPDATE: denial of service in ras_getcmap
    - debian/patches/CVE-2016-9388.patch: remove assertions in src/libjasper/ras/ras_dec.c, src/libjasper/ras/ras_enc.c.
    - CVE-2016-9388
  * SECURITY UPDATE: denial of service in jpc_irct and jpc_iict functions
    - debian/patches/CVE-2016-9389.patch: add check to src/libjasper/base/jas_image.c, src/libjasper/jpc/jpc_dec.c, src/libjasper/include/jasper/jas_image.h.
    - CVE-2016-9389
  * SECURITY UPDATE: denial of service in jas_seq2d_create
    - debian/patches/CVE-2016-9390.patch: check tiles in src/libjasper/jpc/jpc_cs.c.
    - CVE-2016-9390
  * SECURITY UPDATE: denial of service in jpc_bitstream_getbits
    - debian/patches/CVE-2016-9391.patch: add tests to src/libjasper/jpc/jpc_bs.c, src/libjasper/jpc/jpc_cs.c.
    - CVE-2016-9391
  * SECURITY UPDATE: multiple denial of service issues
    - debian/patches/CVE-2016-9392-3-4.patch: add more checks to src/libjasper/jpc/jpc_cs.c.
    - CVE-2016-9392
    - CVE-2016-9393
    - CVE-2016-9394
  * SECURITY UPDATE: denial of service in JPC_NOMINALGAIN
    - debian/patches/CVE-2016-9396.patch: add check to src/libjasper/jpc/jpc_cs.c.
    - CVE-2016-9396
  * SECURITY UPDATE: denial of service via crafted image
    - debian/patches/CVE-2016-9600.patch: add more checks to src/libjasper/jp2/jp2_enc.c.
    - CVE-2016-9600
  * SECURITY UPDATE: NULL pointer exception in jp2_encode
    - debian/patches/CVE-2017-1000050.patch: check number of components in src/libjasper/jp2/jp2_enc.c.
    - CVE-2017-1000050
  * SECURITY UPDATE: denial of service in jp2_cdef_destroy
    - debian/patches/CVE-2017-6850.patch: initialize data in src/libjasper/base/jas_stream.c, src/libjasper/jp2/jp2_cod.c.
    - CVE-2017-6850

 -- Marc Deslauriers <email address hidden>  Wed, 27 Jun 2018 07:48:44 -0400
jasper (1.900.1-debian1-2.4ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - debian/patches/*: synchronize security fixes with Debian's 1.900.1-debian1-2.4+deb8u3 release. Thanks!
    - CVE-2016-1867, CVE-2016-2089, CVE-2016-8654, CVE-2016-8691, CVE-2016-8692, CVE-2016-8693, CVE-2016-8882, CVE-2016-9560, CVE-2016-9591, CVE-2016-10249, CVE-2016-10251

 -- Marc Deslauriers <email address hidden>  Thu, 18 May 2017 10:37:26 -0400
jasper (1.900.1-14ubuntu3.4) trusty-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - debian/patches/*: synchronize security fixes with Debian's 1.900.1-debian1-2.4+deb8u3 release. Thanks!
    - CVE-2016-1867, CVE-2016-2089, CVE-2016-8654, CVE-2016-8691, CVE-2016-8692, CVE-2016-8693, CVE-2016-8882, CVE-2016-9560, CVE-2016-9591, CVE-2016-10249, CVE-2016-10251

 -- Marc Deslauriers <email address hidden>  Thu, 18 May 2017 10:42:09 -0400
jasper (1.900.1-debian1-2.4+deb8u3build0.16.10.1) yakkety-security; urgency=medium

  * fake sync from Debian

jasper (1.900.1-debian1-2.4+deb8u2build0.16.10.1) yakkety-security; urgency=medium

  * fake sync from Debian
Deleted in zesty-release (Reason: Removed from Debian; https://bugs.debian.org/812630)
Obsolete in yakkety-release
Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
jasper (1.900.1-debian1-2.4+deb8u1) jessie-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * CVE-2016-1577: Prevent double-free in jas_iccattrval_destroy() (Closes: #816625)
  * CVE-2016-2089: matrix rows_ NULL pointer dereference in jas_matrix_clip() (Closes: #812978)
  * CVE-2016-2116: Prevent jas_stream_t memory leak in jas_iccprof_createfrombuf() (Closes: #816626)

 -- Salvatore Bonaccorso <email address hidden>  Sun, 06 Mar 2016 14:49:44 +0100
Superseded in yakkety-release
Published in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
jasper (1.900.1-debian1-2.4ubuntu1) xenial; urgency=medium

  * SECURITY UPDATE: Denial of service or possible code execution via crafted ICC color profile (LP: #1547865)
    - debian/patches/09-CVE-2016-1577.patch: Prevent double-free in src/libjasper/base/jas_icc.c
    - CVE-2016-1577
  * SECURITY UPDATE: Denial of service via resource exhaustion via crafted ICC color profile
    - debian/patches/10-CVE-2016-2116.patch: Prevent memory leak in src/libjasper/base/jas_icc.c
    - CVE-2016-2116

 -- Tyler Hicks <email address hidden>  Wed, 02 Mar 2016 15:30:54 -0600
jasper (1.900.1-debian1-2.4ubuntu0.15.10.1) wily-security; urgency=medium

  * SECURITY UPDATE: Denial of service or possible code execution via crafted ICC color profile (LP: #1547865)
    - debian/patches/09-CVE-2016-1577.patch: Prevent double-free in src/libjasper/base/jas_icc.c
    - CVE-2016-1577
  * SECURITY UPDATE: Denial of service via resource exhaustion via crafted ICC color profile
    - debian/patches/10-CVE-2016-2116.patch: Prevent memory leak in src/libjasper/base/jas_icc.c
    - CVE-2016-2116

 -- Tyler Hicks <email address hidden>  Fri, 26 Feb 2016 00:07:11 -0600
jasper (1.900.1-13ubuntu0.3) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service or possible code execution via crafted ICC color profile (LP: #1547865)
    - debian/patches/09-CVE-2016-1577.patch: Prevent double-free in src/libjasper/base/jas_icc.c
    - CVE-2016-1577
  * SECURITY UPDATE: Denial of service via resource exhaustion via crafted ICC color profile
    - debian/patches/10-CVE-2016-2116.patch: Prevent memory leak in src/libjasper/base/jas_icc.c
    - CVE-2016-2116

 -- Tyler Hicks <email address hidden>  Fri, 26 Feb 2016 00:07:11 -0600
jasper (1.900.1-14ubuntu3.3) trusty-security; urgency=medium

  * SECURITY UPDATE: Denial of service or possible code execution via crafted ICC color profile (LP: #1547865)
    - debian/patches/09-CVE-2016-1577.patch: Prevent double-free in src/libjasper/base/jas_icc.c
    - CVE-2016-1577
  * SECURITY UPDATE: Denial of service via resource exhaustion via crafted ICC color profile
    - debian/patches/10-CVE-2016-2116.patch: Prevent memory leak in src/libjasper/base/jas_icc.c
    - CVE-2016-2116

 -- Tyler Hicks <email address hidden>  Fri, 26 Feb 2016 00:07:11 -0600
Superseded in xenial-release
Obsolete in wily-release
Obsolete in vivid-release
Deleted in vivid-proposed (Reason: moved to release)
jasper (1.900.1-debian1-2.4) unstable; urgency=high

  * Non-maintainer upload.
  * Add 07-CVE-2014-8157.patch patch. CVE-2014-8157: dec->numtiles off-by-one check in jpc_dec_process_sot(). (Closes: #775970)
  * Add 08-CVE-2014-8158.patch patch. CVE-2014-8158: unrestricted stack memory use in jpc_qmfb.c (Closes: #775970)

 -- Salvatore Bonaccorso <email address hidden>  Thu, 22 Jan 2015 17:09:24 +0100
jasper (1.900.1-13ubuntu0.2) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted ICC color profile
    - debian/patches/05-CVE-2014-8137.patch: prevent double-free in src/libjasper/base/jas_icc.c, remove assert in src/libjasper/jp2/jp2_dec.c.
    - CVE-2014-8137
  * SECURITY UPDATE: denial of service or code execution via invalid channel number
    - debian/patches/06-CVE-2014-8138.patch: validate channel number in src/libjasper/jp2/jp2_dec.c.
    - CVE-2014-8138
  * SECURITY UPDATE: denial of service or code execution via off-by-one
    - debian/patches/07-CVE-2014-8157.patch: fix off-by-one in src/libjasper/jpc/jpc_dec.c.
    - CVE-2014-8157
  * SECURITY UPDATE: denial of service or code execution via memory corruption
    - debian/patches/08-CVE-2014-8158.patch: remove HAVE_VLA to use more sensible buffer sizes in src/libjasper/jpc/jpc_qmfb.c.
    - CVE-2014-8158

 -- Marc Deslauriers <email address hidden>  Thu, 22 Jan 2015 13:00:54 -0500
jasper (1.900.1-debian1-2.3ubuntu1) vivid; urgency=medium

  * SECURITY UPDATE: denial of service or code execution via off-by-one
    - debian/patches/07-CVE-2014-8157.patch: fix off-by-one in src/libjasper/jpc/jpc_dec.c.
    - CVE-2014-8157
  * SECURITY UPDATE: denial of service or code execution via memory corruption
    - debian/patches/08-CVE-2014-8158.patch: remove HAVE_VLA to use more sensible buffer sizes in src/libjasper/jpc/jpc_qmfb.c.
    - CVE-2014-8158

 -- Marc Deslauriers <email address hidden>  Thu, 22 Jan 2015 13:01:38 -0500
jasper (1.900.1-debian1-2ubuntu0.2) utopic-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted ICC color profile
    - debian/patches/05-CVE-2014-8137.patch: prevent double-free in src/libjasper/base/jas_icc.c, remove assert in src/libjasper/jp2/jp2_dec.c.
    - CVE-2014-8137
  * SECURITY UPDATE: denial of service or code execution via invalid channel number
    - debian/patches/06-CVE-2014-8138.patch: validate channel number in src/libjasper/jp2/jp2_dec.c.
    - CVE-2014-8138
  * SECURITY UPDATE: denial of service or code execution via off-by-one
    - debian/patches/07-CVE-2014-8157.patch: fix off-by-one in src/libjasper/jpc/jpc_dec.c.
    - CVE-2014-8157
  * SECURITY UPDATE: denial of service or code execution via memory corruption
    - debian/patches/08-CVE-2014-8158.patch: remove HAVE_VLA to use more sensible buffer sizes in src/libjasper/jpc/jpc_qmfb.c.
    - CVE-2014-8158

 -- Marc Deslauriers <email address hidden>  Thu, 22 Jan 2015 12:49:54 -0500
jasper (1.900.1-14ubuntu3.2) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted ICC color profile
    - debian/patches/05-CVE-2014-8137.patch: prevent double-free in src/libjasper/base/jas_icc.c, remove assert in src/libjasper/jp2/jp2_dec.c.
    - CVE-2014-8137
  * SECURITY UPDATE: denial of service or code execution via invalid channel number
    - debian/patches/06-CVE-2014-8138.patch: validate channel number in src/libjasper/jp2/jp2_dec.c.
    - CVE-2014-8138
  * SECURITY UPDATE: denial of service or code execution via off-by-one
    - debian/patches/07-CVE-2014-8157.patch: fix off-by-one in src/libjasper/jpc/jpc_dec.c.
    - CVE-2014-8157
  * SECURITY UPDATE: denial of service or code execution via memory corruption
    - debian/patches/08-CVE-2014-8158.patch: remove HAVE_VLA to use more sensible buffer sizes in src/libjasper/jpc/jpc_qmfb.c.
    - CVE-2014-8158

 -- Marc Deslauriers <email address hidden>  Thu, 22 Jan 2015 13:00:10 -0500
jasper (1.900.1-debian1-2.3) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Add 05-CVE-2014-8137.patch patch. CVE-2014-8137: double-free in jas_iccattrval_destroy(). (Closes: #773463)
  * Add 06-CVE-2014-8138.patch patch. CVE-2014-8138: heap overflow in jp2_decode(). (Closes: #773463)

 -- Salvatore Bonaccorso <email address hidden>  Sat, 20 Dec 2014 08:42:19 +0100
jasper (1.900.1-14ubuntu3.1) trusty-security; urgency=medium

  * SECURITY UPDATE: heap overflows via crafted jp2 file
    - debian/patches/04-CVE-2014-9029.patch: fix off-by-one in src/libjasper/jpc/jpc_dec.c.
    - CVE-2014-9029

 -- Marc Deslauriers <email address hidden>  Fri, 05 Dec 2014 09:01:05 -0500
jasper (1.900.1-debian1-2ubuntu0.1) utopic-security; urgency=medium

  * SECURITY UPDATE: heap overflows via crafted jp2 file
    - debian/patches/04-CVE-2014-9029.patch: fix off-by-one in src/libjasper/jpc/jpc_dec.c.
    - CVE-2014-9029

 -- Marc Deslauriers <email address hidden>  Fri, 05 Dec 2014 08:57:45 -0500
jasper (1.900.1-13ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: heap overflows via crafted jp2 file
    - debian/patches/04-CVE-2014-9029.patch: fix off-by-one in src/libjasper/jpc/jpc_dec.c.
    - CVE-2014-9029

 -- Marc Deslauriers <email address hidden>  Fri, 05 Dec 2014 09:02:00 -0500
jasper (1.900.1-debian1-2.2) unstable; urgency=high

  * Non-maintainer upload.
  * Add 04-CVE-2014-9029.patch patch. CVE-2014-9029: incorrect component number check in COC, RGN and QCC marker segment decoders. (Closes: #772036)

 -- Salvatore Bonaccorso <email address hidden>  Fri, 05 Dec 2014 08:39:16 +0100
jasper (1.900.1-debian1-2.1) unstable; urgency=medium

  * Non-maintainer upload (acked by maintainer)
  * Change B-D to libjpeg-dev to finish the transition to libjpeg-turbo (Closes: #763475)

 -- Ondřej Surý <email address hidden>  Mon, 29 Sep 2014 15:25:32 +0200
Superseded in vivid-release
Obsolete in utopic-release
Deleted in utopic-proposed (Reason: moved to release)
jasper (1.900.1-debian1-2) unstable; urgency=medium

  * debian/rules: Changed from dh $@ --with autotools_dev to autoreconf to fix build issue on new architectures (Closes: #747507)

 -- Roland Stigge <email address hidden>  Sun, 18 May 2014 19:46:12 +0200
Superseded in utopic-release
Published in trusty-release
Deleted in trusty-proposed (Reason: moved to release)
jasper (1.900.1-14ubuntu3) trusty; urgency=low

  * Build using dh-autoreconf.

 -- Matthias Klose <email address hidden>  Fri, 06 Dec 2013 15:37:06 +0100
Superseded in trusty-proposed
jasper (1.900.1-14ubuntu2) trusty; urgency=low

  * Build using dh-autoreconf.

 -- Matthias Klose <email address hidden>  Fri, 06 Dec 2013 15:37:06 +0100
Superseded in trusty-proposed
jasper (1.900.1-14ubuntu1) trusty; urgency=low

  * Build using dh-autoreconf.

 -- Matthias Klose <email address hidden>  Fri, 06 Dec 2013 15:37:06 +0100
Superseded in trusty-release
Obsolete in saucy-release
Obsolete in raring-release
Deleted in raring-proposed (Reason: moved to release)
jasper (1.900.1-14) unstable; urgency=low

  * Fix FTBFS on Hurd by defining PATH_MAX (Closes: #690298) Thanks to Pino Toscano!

 -- Roland Stigge <email address hidden>  Sat, 13 Oct 2012 18:06:57 +0200
jasper (1.900.1-13build1) quantal; urgency=low

  * Rebuild for new armel compiler default of ARMv5t.

 -- Colin Watson <email address hidden>  Thu, 04 Oct 2012 09:17:45 +0100
jasper (1.900.1-13) unstable; urgency=high

  * Fix CVE-2011-4516 and CVE-2011-4517: Two buffer overflow issues possibly exploitable via specially crafted input files (Closes: #652649) Thanks to Red Hat and Michael Gilbert

 -- Roland Stigge <email address hidden>  Wed, 04 Jan 2012 19:14:40 +0100
jasper (1.900.1-7ubuntu0.10.04.1) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via heap-based buffer overflows.
    - src/libjasper/jpc/jpc_cs.c: validate compparms->numrlvls and allocate proper size in src/libjasper/jpc/jpc_cs.c.
    - Thanks to Red Hat for the patch
    - CVE-2011-4516
    - CVE-2011-4517

 -- Marc Deslauriers <email address hidden>  Mon, 19 Dec 2011 10:48:41 -0500
jasper (1.900.1-7ubuntu0.10.10.1) maverick-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via heap-based buffer overflows.
    - src/libjasper/jpc/jpc_cs.c: validate compparms->numrlvls and allocate proper size in src/libjasper/jpc/jpc_cs.c.
    - Thanks to Red Hat for the patch
    - CVE-2011-4516
    - CVE-2011-4517

 -- Marc Deslauriers <email address hidden>  Mon, 19 Dec 2011 10:47:35 -0500
jasper (1.900.1-7ubuntu2.11.04.1) natty-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via heap-based buffer overflows.
    - src/libjasper/jpc/jpc_cs.c: validate compparms->numrlvls and allocate proper size in src/libjasper/jpc/jpc_cs.c.
    - Thanks to Red Hat for the patch
    - CVE-2011-4516
    - CVE-2011-4517

 -- Marc Deslauriers <email address hidden>  Mon, 19 Dec 2011 10:45:25 -0500
jasper (1.900.1-7ubuntu2.11.10.1) oneiric-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via heap-based buffer overflows.
    - src/libjasper/jpc/jpc_cs.c: validate compparms->numrlvls and allocate proper size in src/libjasper/jpc/jpc_cs.c.
    - Thanks to Red Hat for the patch
    - CVE-2011-4516
    - CVE-2011-4517

 -- Marc Deslauriers <email address hidden>  Mon, 19 Dec 2011 10:43:09 -0500
Superseded in precise-release
jasper (1.900.1-12ubuntu1) precise; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via heap-based buffer overflows.
    - debian/patches/03-CVE-2011-451x.patch: validate compparms->numrlvls and allocate proper size in src/libjasper/jpc/jpc_cs.c.
    - CVE-2011-4516
    - CVE-2011-4517

 -- Marc Deslauriers <email address hidden>  Mon, 19 Dec 2011 09:36:08 -0500
Superseded in precise-release
jasper (1.900.1-12) unstable; urgency=low

  * Added patch to fix filename buffer overflow, thanks to Jonas Smedegard and Alex Cherepanov from ghostscript (Closes: #649833)

 -- Ubuntu Archive Auto-Sync <email address hidden>  Mon, 12 Dec 2011 11:58:36 +0000
Superseded in precise-release
jasper (1.900.1-11) unstable; urgency=low

  * Added Multiarch support, thanks to Colin Watson (Closes: #645118)

 -- Roland Stigge <email address hidden>  Wed, 02 Nov 2011 17:16:10 +0100
Superseded in precise-release
jasper (1.900.1-10ubuntu1) precise; urgency=low

  * Resynchronise with Debian. Remaining changes (revised for dh(1)):
    - Enable multiarch build.
jasper (1.900.1-7ubuntu2) natty; urgency=low

  * debian/rules: clear dependency_libs from shipped .la files, per Policy 10.2.

 -- Kees Cook <email address hidden>  Thu, 24 Mar 2011 13:32:42 -0700
Superseded in natty-release
jasper (1.900.1-7ubuntu1) natty; urgency=low

  * Enable multiarch build (LP: #733501)
    - debian/control: update depends for multiarch toolchain
    - debian/*.install: update /usr/lib paths
    - debian/rules:
      - add --libdir to configure
      - update library path creation

 -- Kees Cook <email address hidden>  Thu, 24 Mar 2011 00:18:40 -0700
jasper (1.900.1-7) unstable; urgency=low

  * Acknowledge NMU
  * Added patch to fix Debian patch for CVE-2008-3521 (Closes: #506739)
  * debian/control: Standards-Version: 3.8.4

 -- Michael Bienia <email address hidden>  Mon, 01 Mar 2010 15:35:38 +0000
Superseded in lucid-release
jasper (1.900.1-6.1) unstable; urgency=low

  * Non-maintainer upload.
  * This is a fix for the GeoJP2 patch introduced in 1.900.1-5 which caused GDAL faulting. Thanks Even Rouault. (Closes: #553429)

 -- Ubuntu Archive Auto-Sync <email address hidden>  Mon, 23 Nov 2009 18:26:58 +0000
jasper (1.900.1-6) unstable; urgency=low

  * Reverted to jasper 1.900.1-6 because 1.900.1-5.1 messed up (see #528543) but 1.900.1-5 wasn't available anymore. (Closes: #514296, #528543)
  * Re-applied patch from #275619 as in 1.900.1-5
  * debian/control: Standards-Version: 3.8.2
  * Applied patch by Nico Golde (Closes: #501021)
    - CVE-2008-3522[0]: Buffer overflow.
    - CVE-2008-3521[1]: unsecure temporary files handling.
    - CVE-2008-3520[2]: Multiple integer overflows.

 -- Ubuntu Archive Auto-Sync <email address hidden>  Tue, 23 Jun 2009 10:36:58 +0100
jasper (1.701.0-2ubuntu0.6.06.1) dapper-security; urgency=low

  * SECURITY UPDATE: integer overflows via integer multiplication for memory allocation
    - src/libjasper/include/jasper/jas_malloc.h, src/libjasper/base/jas_malloc.c:
      * introduce new size-checked allocation functions
    - src/libjasper/base/jas_*.c, src/libjasper/bmp/bmp_dec.c, src/libjasper/jp2/jp2_*.c, src/libjasper/jpc/jpc_*.c, src/libjasper/mif/mif_cod.c:
      * use new size-checked allocation functions
    - CVE-2008-3520
  * SECURITY UPDATE: denial of service via temporary file name prediction
    - src/libjasper/base/jas_stream.c: use mkstemp()
    - CVE-2008-3521
  * SECURITY UPDATE: buffer overflow via vsprintf in jas_stream_printf()
    - src/libjasper/base/jas_stream.c: use vsnprintf()
    - CVE-2008-3522
  * debian/control: Specify a Section: for the source package

 -- Marc Deslauriers <email address hidden>  Wed, 18 Mar 2009 14:36:50 -0400
jasper (1.900.1-5ubuntu0.1) intrepid-security; urgency=low

  * SECURITY UPDATE: integer overflows via integer multiplication for memory allocation
    - debian/patches/02_security_CVE-2008-3520-3521-3522.dpatch: introduce new size-checked allocation functions, and use them everywhere.
    - CVE-2008-3520
  * SECURITY UPDATE: denial of service via temporary file name prediction
    - debian/patches/02_security_CVE-2008-3520-3521-3522.dpatch: use mkstemp() in src/libjasper/base/jas_stream.c.
    - CVE-2008-3521
  * SECURITY UPDATE: buffer overflow via vsprintf in jas_stream_printf()
    - debian/patches/02_security_CVE-2008-3520-3521-3522.dpatch: use vsnprintf() in src/libjasper/base/jas_stream.c.
    - CVE-2008-3522

 -- Marc Deslauriers <email address hidden>  Wed, 18 Mar 2009 11:03:55 -0400
jasper (1.900.1-3ubuntu0.8.04.1) hardy-security; urgency=low

  * SECURITY UPDATE: integer overflows via integer multiplication for memory allocation
    - src/libjasper/include/jasper/jas_malloc.h, src/libjasper/base/jas_malloc.c:
      * introduce new size-checked allocation functions
    - src/libjasper/base/jas_*.c, src/libjasper/bmp/bmp_dec.c, src/libjasper/jp2/jp2_*.c, src/libjasper/jpc/jpc_*.c, src/libjasper/mif/mif_cod.c:
      * use new size-checked allocation functions
    - CVE-2008-3520
  * SECURITY UPDATE: denial of service via temporary file name prediction
    - src/libjasper/base/jas_stream.c: use mkstemp()
    - CVE-2008-3521
  * SECURITY UPDATE: buffer overflow via vsprintf in jas_stream_printf()
    - src/libjasper/base/jas_stream.c: use vsnprintf()
    - CVE-2008-3522

 -- Marc Deslauriers <email address hidden>  Wed, 18 Mar 2009 11:54:49 -0400
jasper (1.900.1-3ubuntu0.7.10.1) gutsy-security; urgency=low

  * SECURITY UPDATE: integer overflows via integer multiplication for memory allocation
    - src/libjasper/include/jasper/jas_malloc.h, src/libjasper/base/jas_malloc.c:
      * introduce new size-checked allocation functions
    - src/libjasper/base/jas_*.c, src/libjasper/bmp/bmp_dec.c, src/libjasper/jp2/jp2_*.c, src/libjasper/jpc/jpc_*.c, src/libjasper/mif/mif_cod.c:
      * use new size-checked allocation functions
    - CVE-2008-3520
  * SECURITY UPDATE: denial of service via temporary file name prediction
    - src/libjasper/base/jas_stream.c: use mkstemp()
    - CVE-2008-3521
  * SECURITY UPDATE: buffer overflow via vsprintf in jas_stream_printf()
    - src/libjasper/base/jas_stream.c: use vsnprintf()
    - CVE-2008-3522

 -- Marc Deslauriers <email address hidden>  Wed, 18 Mar 2009 13:22:57 -0400
jasper (1.900.1-5.1) unstable; urgency=low

  * Non-maintainer upload.
  * add patches/02_security.dpatch to fix various CVEs (Closes: #501021):
    + CVE-2008-3522[0]: Buffer overflow.
    + CVE-2008-3521[1]: unsecure temporary files handling.
    + CVE-2008-3520[2]: Multiple integer overflows.

 -- Ubuntu Archive Auto-Sync <email address hidden>  Tue, 04 Nov 2008 21:27:23 +0000
jasper (1.900.1-5) unstable; urgency=low

  * Added GeoJP2 patch by Sven Geggus <email address hidden> (Closes: #275619)
  * debian/control: Standards-Version: 3.8.0

 -- Ubuntu Archive Auto-Sync <email address hidden>  Tue, 10 Jun 2008 07:25:59 +0100
jasper (1.900.1-4) unstable; urgency=low

  * src/libjasper/jpc/jpc_dec.c: Extended assert() to accept 4 color components (Closes: #469786)
  * debian/rules: improve "make distclean", thanks to lintian
  * debian/control:
    - Standards-Version: 3.7.3
    - ${Source-Version} -> ${binary:Version}
    - Removed self-dependencies of libjasper-dev

 -- Ubuntu Archive Auto-Sync <email address hidden>  Fri, 02 May 2008 02:09:58 +0100