Ubuntu
jasper package

Branches for Precise

Name Status Last Modified Last Commit
lp:ubuntu/precise/jasper 2 Mature 2012-01-04 19:14:40 UTC
14. Fix CVE-2011-4516 and CVE-2011-4517: ...

Author: Roland Stigge
Revision Date: 2012-01-04 19:14:40 UTC

Fix CVE-2011-4516 and CVE-2011-4517: Two buffer overflow issues possibly
exploitable via specially crafted input files (Closes: #652649)
Thanks to Red Hat and Michael Gilbert
lp:ubuntu/precise-security/jasper 2 Mature 2015-01-22 13:00:54 UTC
16. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-01-22 13:00:54 UTC

* SECURITY UPDATE: denial of service via crafted ICC color profile
  - debian/patches/05-CVE-2014-8137.patch: prevent double-free in
    src/libjasper/base/jas_icc.c, remove assert in
    src/libjasper/jp2/jp2_dec.c.
  - CVE-2014-8137
* SECURITY UPDATE: denial of service or code execution via invalid
  channel number
  - debian/patches/06-CVE-2014-8138.patch: validate channel number in
    src/libjasper/jp2/jp2_dec.c.
  - CVE-2014-8138
* SECURITY UPDATE: denial of service or code execution via off-by-one
  - debian/patches/07-CVE-2014-8157.patch: fix off-by-one in
    src/libjasper/jpc/jpc_dec.c.
  - CVE-2014-8157
* SECURITY UPDATE: denial of service or code execution via memory
  corruption
  - debian/patches/08-CVE-2014-8158.patch: remove HAVE_VLA to use more
    sensible buffer sizes in src/libjasper/jpc/jpc_qmfb.c.
  - CVE-2014-8158
lp:ubuntu/precise-updates/jasper 2 Mature 2015-01-22 13:00:54 UTC
16. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2015-01-22 13:00:54 UTC

* SECURITY UPDATE: denial of service via crafted ICC color profile
  - debian/patches/05-CVE-2014-8137.patch: prevent double-free in
    src/libjasper/base/jas_icc.c, remove assert in
    src/libjasper/jp2/jp2_dec.c.
  - CVE-2014-8137
* SECURITY UPDATE: denial of service or code execution via invalid
  channel number
  - debian/patches/06-CVE-2014-8138.patch: validate channel number in
    src/libjasper/jp2/jp2_dec.c.
  - CVE-2014-8138
* SECURITY UPDATE: denial of service or code execution via off-by-one
  - debian/patches/07-CVE-2014-8157.patch: fix off-by-one in
    src/libjasper/jpc/jpc_dec.c.
  - CVE-2014-8157
* SECURITY UPDATE: denial of service or code execution via memory
  corruption
  - debian/patches/08-CVE-2014-8158.patch: remove HAVE_VLA to use more
    sensible buffer sizes in src/libjasper/jpc/jpc_qmfb.c.
  - CVE-2014-8158
13 of 3 results FirstPreviousNextLast