jasper 1.900.1-14ubuntu3.5 source package in Ubuntu
Changelog
jasper (1.900.1-14ubuntu3.5) trusty-security; urgency=medium * SECURITY UPDATE: double-free in jasper_image_stop_load - debian/patches/CVE-2015-5203-CVE-2016-9262.patch: fix overflow and double free in src/libjasper/base/jas_image.c, src/libjasper/include/jasper/jas_math.h. (Thanks to Red Hat for the patch!) - CVE-2015-5203 * SECURITY UPDATE: use-after-free in mif_process_cmpt - debian/patches/CVE-2015-5221.patch: fix use-after-free in src/libjasper/mif/mif_cod.c. - CVE-2015-5221 * SECURITY UPDATE: denial of service in jpc_tsfb_synthesize - debian/patches/CVE-2016-10248.patch: fix type promotion and prevent null pointer dereference in src/libjasper/include/jasper/jas_seq.h, src/libjasper/jpc/jpc_dec.c, src/libjasper/jpc/jpc_tsfb.c. - CVE-2016-10248 * SECURITY UPDATE: denial of service in jp2_colr_destroy - debian/patches/CVE-2016-10250.patch: fix cleanup in src/libjasper/jp2/jp2_cod.c. - CVE-2016-10250 * SECURITY UPDATE: denial of service in jpc_dec_tiledecode - debian/patches/CVE-2016-8883.patch: remove asserts in src/libjasper/jpc/jpc_dec.c. - CVE-2016-8883 * SECURITY UPDATE: denial of service in jp2_colr_destroy - debian/patches/CVE-2016-8887.patch: don't destroy box that doesn't exist in src/libjasper/jp2/jp2_cod.c, src/libjasper/jp2/jp2_dec.c. - CVE-2016-8887 * SECURITY UPDATE: integer overflow in jpc_dec_process_siz - debian/patches/CVE-2016-9387-1.patch: fix overflow in src/libjasper/jpc/jpc_dec.c. - debian/patches/CVE-2016-9387-2.patch: add more checks to src/libjasper/jpc/jpc_dec.c. - CVE-2016-9387 * SECURITY UPDATE: denial of service in ras_getcmap - debian/patches/CVE-2016-9388.patch: remove assertions in src/libjasper/ras/ras_dec.c, src/libjasper/ras/ras_enc.c. - CVE-2016-9388 * SECURITY UPDATE: denial of service in jpc_irct and jpc_iict functions - debian/patches/CVE-2016-9389.patch: add check to src/libjasper/base/jas_image.c, src/libjasper/jpc/jpc_dec.c, src/libjasper/include/jasper/jas_image.h. - CVE-2016-9389 * SECURITY UPDATE: denial of service in jas_seq2d_create - debian/patches/CVE-2016-9390.patch: check tiles in src/libjasper/jpc/jpc_cs.c. - CVE-2016-9390 * SECURITY UPDATE: denial of service in jpc_bitstream_getbits - debian/patches/CVE-2016-9391.patch: add tests to src/libjasper/jpc/jpc_bs.c, src/libjasper/jpc/jpc_cs.c. - CVE-2016-9391 * SECURITY UPDATE: multiple denial of service issues - debian/patches/CVE-2016-9392-3-4.patch: add more checks to src/libjasper/jpc/jpc_cs.c. - CVE-2016-9392 - CVE-2016-9393 - CVE-2016-9394 * SECURITY UPDATE: denial of service in JPC_NOMINALGAIN - debian/patches/CVE-2016-9396.patch: add check to src/libjasper/jpc/jpc_cs.c. - CVE-2016-9396 * SECURITY UPDATE: denial of service via crafted image - debian/patches/CVE-2016-9600.patch: add more checks to src/libjasper/jp2/jp2_enc.c. - CVE-2016-9600 * SECURITY UPDATE: NULL pointer exception in jp2_encode - debian/patches/CVE-2017-1000050.patch: check number of components in src/libjasper/jp2/jp2_enc.c. - CVE-2017-1000050 * SECURITY UPDATE: denial of service in jp2_cdef_destroy - debian/patches/CVE-2017-6850.patch: initialize data in src/libjasper/base/jas_stream.c, src/libjasper/jp2/jp2_cod.c. - CVE-2017-6850 -- Marc Deslauriers <email address hidden> Wed, 27 Jun 2018 11:04:48 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Trusty
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- graphics
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section | |
---|---|---|---|---|
Trusty | updates | main | libs | |
Trusty | security | main | libs |
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
jasper_1.900.1.orig.tar.gz | 1.1 MiB | 6cf104e2811f6088ca1dc76d87dd27c55178d3ccced20db8858d28ae22911a94 |
jasper_1.900.1-14ubuntu3.5.debian.tar.gz | 51.7 KiB | 5905f5f9171e3aaf3677e71c10f343be3d2b45fcc2dd0a99dd45043fb4f6b980 |
jasper_1.900.1-14ubuntu3.5.dsc | 1.9 KiB | 76746cd83008ce1585d9eb63b395fa4b9b3b3415989ed4e7eba8058f606092a4 |
Available diffs
Binary packages built by this source
- libjasper-dev: Development files for the JasPer JPEG-2000 library
JasPer is a collection of software (i.e., a library and application programs)
for the coding and manipulation of images. This software can handle image
data in a variety of formats. One such format supported by JasPer is the
JPEG-2000 format defined in ISO/IEC 15444-1:2000.
.
This package contains the static library and headers.
- libjasper-runtime: Programs for manipulating JPEG-2000 files
JasPer is a collection of software (i.e., a library and application programs)
for the coding and manipulation of images. This software can handle image
data in a variety of formats. One such format supported by JasPer is the
JPEG-2000 format defined in ISO/IEC 15444-1:2000.
.
This package contains programs for manipulating JPEG-2000 files.
- libjasper-runtime-dbgsym: debug symbols for package libjasper-runtime
JasPer is a collection of software (i.e., a library and application programs)
for the coding and manipulation of images. This software can handle image
data in a variety of formats. One such format supported by JasPer is the
JPEG-2000 format defined in ISO/IEC 15444-1:2000.
.
This package contains programs for manipulating JPEG-2000 files.
- libjasper1: JasPer JPEG-2000 runtime library
JasPer is a collection of software (i.e., a library and application programs)
for the coding and manipulation of images. This software can handle image
data in a variety of formats. One such format supported by JasPer is the
JPEG-2000 format defined in ISO/IEC 15444-1:2000.
.
This package contains the shared library.
- libjasper1-dbgsym: debug symbols for package libjasper1
JasPer is a collection of software (i.e., a library and application programs)
for the coding and manipulation of images. This software can handle image
data in a variety of formats. One such format supported by JasPer is the
JPEG-2000 format defined in ISO/IEC 15444-1:2000.
.
This package contains the shared library.