[SECURITY] [DLA 739-1] jasper security updat
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : jasper
Version : 1.900.1-13+deb7u5
CVE ID : CVE-2016-8654 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693
CVE-2016-8882 CVE-2016-8883 CVE-2016-8887 CVE-2016-9560
TEMP-CVE
CVE-2016-8691
FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c
CVE-2016-8692
FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c
CVE-2016-8693
attempting double-free ... mem_close ... jas_stream.c
CVE-2016-8882
segfault / null pointer access in jpc_pi_destroy
CVE-2016-9560
stack-based buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c)
CVE-2016-8887 part 1 + 2
NULL pointer dereference in jp2_colr_destroy (jp2_cod.c)
CVE-2016-8654
Heap-based buffer overflow in QMFB code in JPC codec
CVE-2016-8883
assert in jpc_dec_tiledecode()
TEMP-CVE
heap-based buffer overflow in jpc_dec_tiledecode (jpc_dec.c)
For Debian 7 "Wheezy", these problems have been fixed in version
1.900.1-13+deb7u5.
We recommend that you upgrade your jasper packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQJ8BAEBCgBmBQJYTDiNXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHBqkQAI8Npfpzr+9iQ4EAthd41sm2
VFePWaaxrICN3ZJItxeuH0LDhk0lPZtaa+61qk5rfoAMUDzKQ+izJ9L4Ly2uCpf4
0JXo10A+6gG1vfxYWuEoY3CHIQaLC1zqnNjjQXjHHOdT+SMyM2xst/phDGpawwd+
XZOvnQGb84k0+xe8jXNr3hprQqjc9oSrzXNZ5+Mf9hGaRXxSzoXuUG+k63VUJb/C
r0sfpnNyThPSHtmnPwBtDPf0tcVpyR/fX7M71eFpRKeLIyUAXT2QYROPHKi8pUS2
xT8mziB/svtR6tbCP4nlYC0zQ03iRM202CP77uUN42h8y+th7KgDPlIlCMyO60X8
nE+eJX6Mkjc699e+umCyp+N1BKLDTm+8ImvtmnEL4DN0U1Qs3IZUwQvT0PQMjEni
BjTEwrmF/KE+6BWu4FgCMMR5vk76bGPC3FtNGN2utRJpYHlun3J8koP7EburtDas
buz1/rTChIiWR6XmkocUF98ks+cskeOB6O2kDFBa1ZEKyqT/QP7PaG9Kq1phH82B
jUSWWiVOliXbthTojHzwUcTHx10k6keuW0Vg6USAPDKEzG37Gg3nUk6aX6y4dbAs
jOgOQC9ZeZoU/HBdqxjbA12clhp6OZ0hisl/N+SIk1kB1F7DDQrnLyAWiX371CHK
zMrnJGbdBD2RVuweL/K+
=7N7K
-----END PGP SIGNATURE-----
Reply to: