[SECURITY] [DLA 1628-2] jasper regression update

[Markus Koschany <apo@debian.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : jasper
Version        : 1.900.1-debian1-2.4+deb8u6

The update of jasper issued as DLA-1628-1 caused a regression due to
the fix for CVE-2018-19542, a NULL pointer dereference in the function
jp2_decode, which could lead to a denial-of-service. In some cases not
only invalid jp2 files but also valid jp2 files were rejected.

For Debian 8 "Jessie", this problem has been fixed in version
1.900.1-debian1-2.4+deb8u6.

We recommend that you upgrade your jasper packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlyyVYRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeTSSg/8DeFZqhC5gjHoP/7eC20HBa0HUqhAVFvSnaq7Wb3auNioTf3YS7TVufod
1UMFZ+ykS2BMXLI/HEh7YjD/dzb2t3Ji6ONHRcoYjw5Gpg6INnT19jI8VoCyZRGr
Mys+GorCntdDrC6ZV/sfwtKnPA+ALl08r32ADbQ49N/CspRaqtWQPFAJ9KYbzXo1
oUFKo4S3eOlcM3CB+AA4AgXIeO3nWxcR4i6qFXvRO8g+z68ZCcSKwm8iKc1MuRaD
SCZPEn1jlbNOvAmR2DDW7QUoT0GjHhME1kAoaWo9pJ/o2hrB5KkkHhdCXwsPFQ8w
p5LOr0YkYx7peVsyu6Aed2Y/uzO7SH3XJf6dP272G0HbBaa4ei7ImtFHMIBrvoVX
SVB2FxNZO6jrg4M7DU64zg1+mg4ptf/cbVw3QCZe14wuNjuTYN5oMAVYiT5+b8/X
0MtZPQJyNxWd2lq+eXGSAx2n7iYGj1TW6FERjHwiUkNRD1ehtd2fKaCLlWAJ0eOA
z73W5uNjP5ftFDiL9V/AUfpg2tRHJ11uS4Z5UIEkVETK5WYSbfTpmr0oFMY2WLUA
PBBH1R8KTNozvomMe+c78BbDxMGoEYJlHMG3NJh4hSFgwzE2vGU+80Y/mSAK795/
ZIPlKyXiPTV+e1m7qacMYK+/5xg/KMdj8E2GRgfsrynSXRWOEHI=
=Ozle
-----END PGP SIGNATURE-----