[SECURITY] [DLA 138-1] jasper security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 138-1] jasper security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Wed, 28 Jan 2015 20:03:39 +0100 (CET)
Message-id: <[🔎] alpine.DEB.2.02.1501282002050.19585@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : jasper
Version        : 1.900.1-7+squeeze4
CVE ID         : CVE-2014-8157 CVE-2014-8158
Debian Bug     : 775970

An off-by-one flaw, leading to a heap-based buffer overflow
(CVE-2014-8157), and an unrestricted stack memory use flaw
(CVE-2014-8158) were found in JasPer, a library for manipulating
JPEG-2000 files. A specially crafted file could cause an application
using JasPer to crash or, possibly, execute arbitrary code.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJUyTKLXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHIw4P/13xFeYn7F1QCsyvN9sGx3AA
zFyLyHzF7ru7Y3tyUass32bE3oBd4x6z23JJFNraFU0qwk3oQCf7LgIurlt7EYT6
HMKTanndVWS9JKay86oeADvTIBVYP8fj2k1rJSpkicW+dOsmc8b2HFI7JU5uCJXk
v8GEtEeCIFNyJQ7yQodm0rrnspGPI5pwm0v71wE0BP6ICQ6q7pSvPZUO8vIA/+a2
VcLsCoYLeM7TfTkQKOrA7W6tI8HnsIevFGaDsMne7XNmCz1UR/+/PSX6ZZS5ZBug
j95zj2T0b4RUOBfKgn7RKPaXZjwYWqEsqw3O/06hJs4hZGH7LuLaVyf9eny9c3F7
sHDIo0SyrOpNGh1A1yvY4fsydFkfeKTN/9aGSlTaeTVWNkWyE+rBxxEgD+5J8w1X
hGdqbfIyNheU6RDsQPqktX2HBCG+t08QzstgHCikDaczfLsBDuH3ngdHOanthsR9
G3w6u7D70JoZ4y8RKr7iXkUmu/8n/XZ3OJ7lWEL/UmsUnXJ1c4AoeNgige96ouJU
imipKbCnyxToIDyP1eGEubCadhmk9jUdCjAFIc6BF5GE82WFdY9jBh1cBqlqIf0Q
1+tMEREsq6YV9WCbt2K2K/QIklRmmhymZPgk2z4/flyl8Qw0Pg/ZSAAU3UB/lRyy
f1+ecQLNXIgIb4UMubYa
=qXGs
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 140-1] rpm security update
Next by Date: [SECURITY] [DLA 141-1] libksba security update
Previous by thread: [SECURITY] [DLA 140-1] rpm security update
Next by thread: [SECURITY] [DLA 141-1] libksba security update
Index(es):
- Date
- Thread