Package "jasper"
Name: |
jasper
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- Programs for manipulating JPEG-2000 files
|
Latest version: |
1.900.1-13ubuntu0.3 |
Release: |
precise (12.04) |
Level: |
updates |
Repository: |
universe |
Links
Other versions of "jasper" in Precise
Packages in group
Deleted packages are displayed in grey.
Changelog
jasper (1.900.1-13ubuntu0.3) precise-security; urgency=medium
* SECURITY UPDATE: Denial of service or possible code execution via crafted
ICC color profile (LP: #1547865)
- debian/patches/09-CVE-2016-1577.patch: Prevent double-free in
src/libjasper/base/jas_icc.c
- CVE-2016-1577
* SECURITY UPDATE: Denial of service via resource exhaustion via crafted ICC
color profile
- debian/patches/10-CVE-2016-2116.patch: Prevent memory leak in
src/libjasper/base/jas_icc.c
- CVE-2016-2116
-- Tyler Hicks <email address hidden> Fri, 26 Feb 2016 00:07:11 -0600
|
Source diff to previous version |
1547865 |
Double free in libjasper jas_icc.c |
CVE-2016-1577 |
double free vulnerability in the jas_iccattrval_destroy function |
CVE-2016-2116 |
memory leak in the jas_iccprof_createfrombuf function |
|
jasper (1.900.1-13ubuntu0.2) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via crafted ICC color profile
- debian/patches/05-CVE-2014-8137.patch: prevent double-free in
src/libjasper/base/jas_icc.c, remove assert in
src/libjasper/jp2/jp2_dec.c.
- CVE-2014-8137
* SECURITY UPDATE: denial of service or code execution via invalid
channel number
- debian/patches/06-CVE-2014-8138.patch: validate channel number in
src/libjasper/jp2/jp2_dec.c.
- CVE-2014-8138
* SECURITY UPDATE: denial of service or code execution via off-by-one
- debian/patches/07-CVE-2014-8157.patch: fix off-by-one in
src/libjasper/jpc/jpc_dec.c.
- CVE-2014-8157
* SECURITY UPDATE: denial of service or code execution via memory
corruption
- debian/patches/08-CVE-2014-8158.patch: remove HAVE_VLA to use more
sensible buffer sizes in src/libjasper/jpc/jpc_qmfb.c.
- CVE-2014-8158
-- Marc Deslauriers <email address hidden> Thu, 22 Jan 2015 13:00:54 -0500
|
Source diff to previous version |
CVE-2014-8137 |
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service ( |
CVE-2014-8138 |
Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or p |
CVE-2014-8157 |
off-by-one heap buffer overflow |
CVE-2014-8158 |
stack overflow |
|
jasper (1.900.1-13ubuntu0.1) precise-security; urgency=medium
* SECURITY UPDATE: heap overflows via crafted jp2 file
- debian/patches/04-CVE-2014-9029.patch: fix off-by-one in
src/libjasper/jpc/jpc_dec.c.
- CVE-2014-9029
-- Marc Deslauriers <email address hidden> Fri, 05 Dec 2014 09:02:00 -0500
|
|
About
-
Send Feedback to @ubuntu_updates