UbuntuUpdates.org

Package "jasper"

Name: jasper

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • Programs for manipulating JPEG-2000 files

Latest version: 1.900.1-13ubuntu0.3
Release: precise (12.04)
Level: security
Repository: universe




Other versions of "jasper" in Precise

Repository   Area       Version
base         main       0.69
base         universe   1.900.1-13
security     main       1.900.1-13ubuntu0.3
updates      universe   1.900.1-13ubuntu0.3
updates      main       1.900.1-13ubuntu0.3



Changelog

Version: 1.900.1-13ubuntu0.3 2016-03-03 15:07:42 UTC

  jasper (1.900.1-13ubuntu0.3) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service or possible code execution via crafted
    ICC color profile (LP: #1547865)
    - debian/patches/09-CVE-2016-1577.patch: Prevent double-free in
      src/libjasper/base/jas_icc.c
    - CVE-2016-1577
  * SECURITY UPDATE: Denial of service via resource exhaustion via crafted ICC
    color profile
    - debian/patches/10-CVE-2016-2116.patch: Prevent memory leak in
      src/libjasper/base/jas_icc.c
    - CVE-2016-2116

 -- Tyler Hicks <email address hidden> Fri, 26 Feb 2016 00:07:11 -0600

1547865 Double free in libjasper jas_icc.c
CVE-2016-1577 double free vulnerability in the jas_iccattrval_destroy function
CVE-2016-2116 memory leak in the jas_iccprof_createfrombuf function

Version: 1.900.1-13ubuntu0.2 2015-01-26 14:06:20 UTC

  jasper (1.900.1-13ubuntu0.2) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted ICC color profile
    - debian/patches/05-CVE-2014-8137.patch: prevent double-free in
      src/libjasper/base/jas_icc.c, remove assert in
      src/libjasper/jp2/jp2_dec.c.
    - CVE-2014-8137
  * SECURITY UPDATE: denial of service or code execution via invalid
    channel number
    - debian/patches/06-CVE-2014-8138.patch: validate channel number in
      src/libjasper/jp2/jp2_dec.c.
    - CVE-2014-8138
  * SECURITY UPDATE: denial of service or code execution via off-by-one
    - debian/patches/07-CVE-2014-8157.patch: fix off-by-one in
      src/libjasper/jpc/jpc_dec.c.
    - CVE-2014-8157
  * SECURITY UPDATE: denial of service or code execution via memory
    corruption
    - debian/patches/08-CVE-2014-8158.patch: remove HAVE_VLA to use more
      sensible buffer sizes in src/libjasper/jpc/jpc_qmfb.c.
    - CVE-2014-8158
 -- Marc Deslauriers <email address hidden> Thu, 22 Jan 2015 13:00:54 -0500

CVE-2014-8137 Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (
CVE-2014-8138 Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or p
CVE-2014-8157 off-by-one heap buffer overflow
CVE-2014-8158 stack overflow

Version: 1.900.1-13ubuntu0.1 2014-12-08 15:06:24 UTC

  jasper (1.900.1-13ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: heap overflows via crafted jp2 file
    - debian/patches/04-CVE-2014-9029.patch: fix off-by-one in
      src/libjasper/jpc/jpc_dec.c.
    - CVE-2014-9029
 -- Marc Deslauriers <email address hidden> Fri, 05 Dec 2014 09:02:00 -0500

CVE-2014-9029 input sanitization errors


