[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 121-1] jasper security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : jasper
Version        : 1.900.1-7+squeeze3
CVE ID         : CVE-2014-8137 CVE-2014-8138

Jose Duart of the Google Security Team discovered a double free flaw
(CVE-2014-8137) and a heap-based buffer overflow flaw (CVE-2014-8138)
in JasPer, a library for manipulating JPEG-2000 files. A specially
crafted file could cause an application using JasPer to crash or,
possibly, execute arbitrary code.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJUmGZrXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHCWMQAIm/QK9s83noPonAyW3zGpGW
DSRD+tJi7NDFRyW5Pc7TEDpwB1Ak5wwI6ck8xSYZ0GqLKNZ1FOG/PCNbk+fPgp9Z
pscBjE/m077YktGZbwjOtVn2UG9Dij9gnj48NlGTU0yVEO4/mruqBCifDkT+/IUR
FsJxHYofJFiak67H85hNXCcrsaFfu+ojhgAUiZQZowalepbtiRc+5g4xqkVXDJmU
YbeJxRaMn/UgiX7MdE/bOlXTzHrEZjQRdnv2cygPfolBhHrGuFgF1lLX5LszQejk
ptn6UbpnpVHO6GsQ8RzMvQQl0wrJOfJu0JD23RQvhw521452eqr8SVHluJATcfTp
jfAUqmdoQRTHCv1hFEMM0UGGgk3P5dXx9+YfeOHDHSE3FEmcvylBZllW4sSM7JnH
/XMKi9jQ/G0LNXsKUe/EzTm0cxD3GjzFMO8BSCr3fs/hhcuMse4A3I5bw6z4p6H0
/hfAipMBP1fYFTucEu6ky4H+sR3dpbQyvJqQ5LRu73a+mrLk+kA5lwFy1k1a4nwk
nSJjnROhMRCryac2URavXZvWOl/Q38N3tLTQ+ymzFxms6iZ1VK0QrR2yc6FRGqdz
swMXxE1SpwJBB5zkxZnZK+VKUGcf3qFFldi3vWhPIa49tDj71cbglt4B80gGYROe
GPTgSkZV+y5n6GOoj+Dt
=ghq0
-----END PGP SIGNATURE-----


Reply to: