Back to jasper PTS page

Accepted jasper 1.900.1-13+deb7u6 (source amd64) into oldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted jasper 1.900.1-13+deb7u6 (source amd64) into oldstable
From: Thorsten Alteholz <debian@alteholz.de>
Date: Wed, 26 Apr 2017 17:30:15 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1d3Qlb-0000bV-Kb@seger.debian.org>
Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 22 Apr 2017 22:03:02 +0200
Source: jasper
Binary: libjasper1 libjasper-dev libjasper-runtime
Architecture: source amd64
Version: 1.900.1-13+deb7u6
Distribution: wheezy-security
Urgency: high
Maintainer: Roland Stigge <stigge@antcom.de>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 libjasper-dev - Development files for the JasPer JPEG-2000 library
 libjasper-runtime - Programs for manipulating JPEG-2000 files
 libjasper1 - JasPer JPEG-2000 runtime library
Changes:
 jasper (1.900.1-13+deb7u6) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Wheezy LTS Team.
   * CVE-2016-9591
     Use-after-free on heap in jas_matrix_destroy
     The vulnerability exists in code responsible for re-encoding the
     decoded input image file to a JP2 image. The vulnerability is
     caused by not setting related pointers to be null after the
     pointers are freed (i.e. missing Setting-Pointer-Null operations
     after free). The vulnerability can further cause double-free.
   * CVE-2016-10251
     Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in
     JasPer before 1.900.20 allows remote attackers to have unspecified
     impact via a crafted file, which triggers use of an uninitialized
     value.
   * fix for TEMP-CVE from last upload to avoid hassle with SIZE_MAX
Checksums-Sha1:
 69716668b66848d9021c9cd70bd44e993e7fa631 2051 jasper_1.900.1-13+deb7u6.dsc
 a20dc389f5962661b7ab81777c8316f8faee3a99 1143400 jasper_1.900.1.orig.tar.gz
 f2038ca5c88032761f214efa36e74096b4909ee9 40166 jasper_1.900.1-13+deb7u6.debian.tar.gz
 585b3e446596585cded3294d516dcc02010e2810 161084 libjasper1_1.900.1-13+deb7u6_amd64.deb
 50fe6c5309bd5bb6061cc6e1190558291f675212 570608 libjasper-dev_1.900.1-13+deb7u6_amd64.deb
 1940d51014471de3f321feb604dad4237dd58890 27886 libjasper-runtime_1.900.1-13+deb7u6_amd64.deb
Checksums-Sha256:
 5557e601b45d56b4e9a378de8ed0dbf20238a3ca6be50d410e10b537b0b7c61e 2051 jasper_1.900.1-13+deb7u6.dsc
 6cf104e2811f6088ca1dc76d87dd27c55178d3ccced20db8858d28ae22911a94 1143400 jasper_1.900.1.orig.tar.gz
 66218e510c7cef7b4744b66c8eed10e4842ca95119401df4109d4fbc61eb1595 40166 jasper_1.900.1-13+deb7u6.debian.tar.gz
 6ef52b3aea5c31b5f45f85378cef8d3caf591d1e27725aed9e40292ad148a2d7 161084 libjasper1_1.900.1-13+deb7u6_amd64.deb
 3fb6e3db7edb8093c13f35e956be492e974424cb0bca0f331426160b81d28047 570608 libjasper-dev_1.900.1-13+deb7u6_amd64.deb
 a32ad535ef43a1b27dd7a5ce039cee16c781fea0e10a004d97b4acc9f8e5363d 27886 libjasper-runtime_1.900.1-13+deb7u6_amd64.deb
Files:
 ca81757dbe5d60a4cc4854c4a9df4fac 2051 graphics optional jasper_1.900.1-13+deb7u6.dsc
 4ae3dd938fd15f22f30577db5c9f27e9 1143400 graphics optional jasper_1.900.1.orig.tar.gz
 3a6bebd0ad4404e1204af59aa03653ea 40166 graphics optional jasper_1.900.1-13+deb7u6.debian.tar.gz
 5a070985feb1940da29e85fa82615b37 161084 libs optional libjasper1_1.900.1-13+deb7u6_amd64.deb
 b1a326e815585d8d6a1af812bc754352 570608 libdevel optional libjasper-dev_1.900.1-13+deb7u6_amd64.deb
 0be96be1d6ec9c1eda8a149053007443 27886 graphics optional libjasper-runtime_1.900.1-13+deb7u6_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlkA2ElfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR+h+EACUPOz9vSa1fosRDy8Kf9ysL5tEn/KR
g6IH+M8lWWepUxHSg5SrhL7Il7jHMJhmHBjl8Fhd7ySmit/lv7LK+5i9jGp3Nino
F5t6tx8kLmjQgk8R+HL2aCBnK+eRsx50GrcSHeF5zjRK3UdjHeSit8RngxJqvXnY
bEDa83/qJGfJ04NiO0taUG6bKTgHLQbAUJUsSGrMa6e288OaiAvn3vPUv49DAOie
g7LqpHS84vv7E5nFJeyHOpZZ1L/Ruv7GhpgXHfd468SnHTyrmm/X6yLnXVA0GYeE
I8X9q4nMhUxC1yxiBDjJTPS8wcf5Z1R/s509piF8T07ahzaRsfNF/TDdAUFiSAQ4
IetwGEno2y7EuPs55CLhs+86mfMycFKUM2clRLsEsVgyjNf51zoFsat8IIc8wAX1
4ViaBGD72Ckj4kBV7AnbwjpOBsARADT87S+SPSmGbmQYUlVJzbQ7YP7TiYiYLu9G
sG9vwxKF73Hd1llczxAIGipHDYDNmMGaLp+MVKBVWUK3xa28XFLAQlotKA3j6/f6
SQk4pSKFz4ch5UPDUSuyNkjTIswhYDILkJJftrm+ATU6XQKYOZVeYkkscGFbDUXK
1PZDXYo8nNOQZXSoRvmPxqy7tV/xCfNoJlRfOCaibGizeJZ+0s3rDg3h33Tr5kQA
pS4vfda0QoJbUQ==
=ww3H
-----END PGP SIGNATURE-----