Accepted jasper 1.900.1-debian1-2.4+deb8u4 (source amd64) into oldstable



Format: 1.8
Date: Fri, 16 Nov 2018 18:44:08 +0100
Source: jasper
Binary: libjasper1 libjasper-dev libjasper-runtime
Architecture: source amd64
Version: 1.900.1-debian1-2.4+deb8u4
Distribution: jessie-security
Urgency: high
Maintainer: Roland Stigge <stigge@antcom.de>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libjasper-dev - Development files for the JasPer JPEG-2000 library
 libjasper-runtime - Programs for manipulating JPEG-2000 files
 libjasper1 - JasPer JPEG-2000 runtime library
Changes:
 jasper (1.900.1-debian1-2.4+deb8u4) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2015-5203:
     Gustavo Grieco discovered an integer overflow vulnerability that allows
     remote attackers to cause a denial of service or may have other unspecified
     impact via a crafted JPEG 2000 image file.
   * Fix CVE-2015-5221:
     Josselin Feist found a double-free vulnerability that allows remote
     attackers to cause a denial-of-service (application crash) by processing a
     malformed image file.
   * Fix CVE-2016-8690:
     Gustavo Grieco discovered a NULL pointer dereference vulnerability that can
     cause a denial-of-service via a crafted BMP image file. The update also
     includes the fixes for the related issues CVE-2016-8884 and CVE-2016-8885
     which complete the patch for CVE-2016-8690.
   * Fix CVE-2017-13748:
     It was discovered that jasper does not properly release memory used to
     store image tile data when image decoding fails which may lead to a
     denial-of-service.
   * Fix CVE-2017-14132:
     A heap-based buffer over-read was found related to the jas_image_ishomosamp
     function that could be triggered via a crafted image file and may cause a
     denial-of-service (application crash) or have other unspecified impact.
Files:
 0886221e4521e1d065db8616eda4b995 2120 graphics optional jasper_1.900.1-debian1-2.4+deb8u4.dsc
 ed80bf016e9d501fe760a46648890cd7 39040 graphics optional jasper_1.900.1-debian1-2.4+deb8u4.debian.tar.xz
 5827f950d1215cb08733affd8fced5a0 135364 libs optional libjasper1_1.900.1-debian1-2.4+deb8u4_amd64.deb
 9b21ba41b4919e233665969633b77ece 525390 libdevel optional libjasper-dev_1.900.1-debian1-2.4+deb8u4_amd64.deb
 497659888a8a03b445a05d5638048241 23590 graphics optional libjasper-runtime_1.900.1-debian1-2.4+deb8u4_amd64.deb
