diff -Nru jasper-1.900.1-debian1/debian/changelog jasper-1.900.1-debian1/debian/changelog
--- jasper-1.900.1-debian1/debian/changelog	2016-03-06 14:00:34.000000000 +0000
+++ jasper-1.900.1-debian1/debian/changelog	2018-07-28 19:34:59.000000000 +0000
@@ -1,3 +1,22 @@
+jasper (1.900.1-debian1-2.4+deb8u2build0.18.10.1.1) cosmic; urgency=high
+
+  * Build for Cosmic
+
+ -- Otto Meier <otto@kesselgulasch.org>  Sat, 28 Jul 2018 21:34:53 +0100
+
+jasper (1.900.1-debian1-2.4+deb8u2build0.16.10.1) yakkety-security; urgency=medium
+
+  * fake sync from Debian
+
+ -- Tyler Hicks <tyhicks@canonical.com>  Fri, 10 Feb 2017 16:19:53 +0000
+
+jasper (1.900.1-debian1-2.4+deb8u2) jessie-security; urgency=medium
+
+  * CVE-2016-1867 CVE-2016-8654 CVE-2016-8691 CVE-2016-8692
+    CVE-2016-8693 CVE-2016-8882 CVE-2016-9560
+
+ -- Moritz Mühlenhoff <jmm@debian.org>  Tue, 07 Feb 2017 22:49:13 +0100
+
 jasper (1.900.1-debian1-2.4+deb8u1) jessie-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
diff -Nru jasper-1.900.1-debian1/debian/control jasper-1.900.1-debian1/debian/control
--- jasper-1.900.1-debian1/debian/control	2016-03-06 14:00:34.000000000 +0000
+++ jasper-1.900.1-debian1/debian/control	2017-02-15 02:13:32.000000000 +0000
@@ -1,7 +1,8 @@
 Source: jasper
 Priority: optional
 Section: graphics
-Maintainer: Roland Stigge <stigge@antcom.de>
+Maintainer: Otto Meier <otto@kesselgulasch.org>
+XSBC-Original-Maintainer: Roland Stigge <stigge@antcom.de>
 Build-Depends: debhelper (>= 9), freeglut3-dev, libjpeg-dev, libxi-dev, libxmu-dev, libxt-dev, dh-autoreconf
 Standards-Version: 3.9.5
 
diff -Nru jasper-1.900.1-debian1/debian/patches/12_CVE-2016-1867_CVE-2016-8654_CVE-2016-8691_CVE-2016-8692_CVE-2016-8693_CVE-2016-8882_CVE-2016-9560.patch jasper-1.900.1-debian1/debian/patches/12_CVE-2016-1867_CVE-2016-8654_CVE-2016-8691_CVE-2016-8692_CVE-2016-8693_CVE-2016-8882_CVE-2016-9560.patch
--- jasper-1.900.1-debian1/debian/patches/12_CVE-2016-1867_CVE-2016-8654_CVE-2016-8691_CVE-2016-8692_CVE-2016-8693_CVE-2016-8882_CVE-2016-9560.patch	1970-01-01 00:00:00.000000000 +0000
+++ jasper-1.900.1-debian1/debian/patches/12_CVE-2016-1867_CVE-2016-8654_CVE-2016-8691_CVE-2016-8692_CVE-2016-8693_CVE-2016-8882_CVE-2016-9560.patch	2017-02-07 21:48:23.000000000 +0000
@@ -0,0 +1,194 @@
+diff -Naur jasper-1.900.1-debian1.orig/src/libjasper/base/jas_stream.c jasper-1.900.1-debian1/src/libjasper/base/jas_stream.c
+--- jasper-1.900.1-debian1.orig/src/libjasper/base/jas_stream.c	2017-02-07 22:46:28.000000000 +0100
++++ jasper-1.900.1-debian1/src/libjasper/base/jas_stream.c	2017-02-07 22:46:07.040456152 +0100
+@@ -985,8 +985,9 @@
+ {
+ 	unsigned char *buf;
+ 
+-	assert(m->buf_);
+-	if (!(buf = jas_realloc(m->buf_, bufsize))) {
++	//assert(m->buf_);
++	assert(bufsize >= 0);
++	if (!(buf = jas_realloc(m->buf_, bufsize)) && bufsize) {
+ 		return -1;
+ 	}
+ 	m->buf_ = buf;
+diff -Naur jasper-1.900.1-debian1.orig/src/libjasper/jpc/jpc_cs.c jasper-1.900.1-debian1/src/libjasper/jpc/jpc_cs.c
+--- jasper-1.900.1-debian1.orig/src/libjasper/jpc/jpc_cs.c	2017-02-07 22:46:28.000000000 +0100
++++ jasper-1.900.1-debian1/src/libjasper/jpc/jpc_cs.c	2017-02-07 22:46:02.168382641 +0100
+@@ -512,6 +512,16 @@
+ 			jas_free(siz->comps);
+ 			return -1;
+ 		}
++		if (siz->comps[i].hsamp == 0 || siz->comps[i].hsamp > 255) {
++			jas_eprintf("invalid XRsiz value %d\n", siz->comps[i].hsamp);
++			jas_free(siz->comps);
++			return -1;
++		}
++		if (siz->comps[i].vsamp == 0 || siz->comps[i].vsamp > 255) {
++			jas_eprintf("invalid YRsiz value %d\n", siz->comps[i].vsamp);
++			jas_free(siz->comps);
++			return -1;
++		}
+ 		siz->comps[i].sgnd = (tmp >> 7) & 1;
+ 		siz->comps[i].prec = (tmp & 0x7f) + 1;
+ 	}
+diff -Naur jasper-1.900.1-debian1.orig/src/libjasper/jpc/jpc_dec.c jasper-1.900.1-debian1/src/libjasper/jpc/jpc_dec.c
+--- jasper-1.900.1-debian1.orig/src/libjasper/jpc/jpc_dec.c	2017-02-07 22:46:28.000000000 +0100
++++ jasper-1.900.1-debian1/src/libjasper/jpc/jpc_dec.c	2017-02-07 22:46:13.736555435 +0100
+@@ -674,7 +674,7 @@
+ 	uint_fast32_t tmpxend;
+ 	uint_fast32_t tmpyend;
+ 	jpc_dec_cp_t *cp;
+-	jpc_tsfb_band_t bnds[64];
++	jpc_tsfb_band_t bnds[JPC_MAXBANDS];
+ 	jpc_pchg_t *pchg;
+ 	int pchgno;
+ 	jpc_dec_cmpt_t *cmpt;
+@@ -989,23 +989,23 @@
+ }
+ 	if (tile->cp) {
+ 		jpc_dec_cp_destroy(tile->cp);
+-		tile->cp = 0;
++		//tile->cp = 0;
+ 	}
+ 	if (tile->tcomps) {
+ 		jas_free(tile->tcomps);
+-		tile->tcomps = 0;
++		//tile->tcomps = 0;
+ 	}
+ 	if (tile->pi) {
+ 		jpc_pi_destroy(tile->pi);
+-		tile->pi = 0;
++		//tile->pi = 0;
+ 	}
+ 	if (tile->pkthdrstream) {
+ 		jas_stream_close(tile->pkthdrstream);
+-		tile->pkthdrstream = 0;
++		//tile->pkthdrstream = 0;
+ 	}
+ 	if (tile->pptstab) {
+ 		jpc_ppxstab_destroy(tile->pptstab);
+-		tile->pptstab = 0;
++		//tile->pptstab = 0;
+ 	}
+ 
+ 	tile->state = JPC_TILE_DONE;
+@@ -1148,7 +1148,11 @@
+ 				return -1;
+ 			}
+ 		}
+-		jpc_dec_tilefini(dec, tile);
++		/* If the tile has not yet been finalized, finalize it. */
++		// OLD CODE: jpc_dec_tilefini(dec, tile);
++		if (tile->state != JPC_TILE_DONE) {
++			jpc_dec_tilefini(dec, tile);
++		}
+ 	}
+ 
+ 	/* We are done processing the code stream. */
+@@ -1204,6 +1208,8 @@
+ 	dec->numhtiles = JPC_CEILDIV(dec->xend - dec->tilexoff, dec->tilewidth);
+ 	dec->numvtiles = JPC_CEILDIV(dec->yend - dec->tileyoff, dec->tileheight);
+ 	dec->numtiles = dec->numhtiles * dec->numvtiles;
++	JAS_DBGLOG(10, ("numtiles = %d; numhtiles = %d; numvtiles = %d;\n",
++	  dec->numtiles, dec->numhtiles, dec->numvtiles));
+ 	if (!(dec->tiles = jas_alloc2(dec->numtiles, sizeof(jpc_dec_tile_t)))) {
+ 		return -1;
+ 	}
+@@ -1228,6 +1234,7 @@
+ 		tile->pkthdrstreampos = 0;
+ 		tile->pptstab = 0;
+ 		tile->cp = 0;
++		tile->pi = 0;
+ 		if (!(tile->tcomps = jas_alloc2(dec->numcomps,
+ 		  sizeof(jpc_dec_tcomp_t)))) {
+ 			return -1;
+diff -Naur jasper-1.900.1-debian1.orig/src/libjasper/jpc/jpc_qmfb.c jasper-1.900.1-debian1/src/libjasper/jpc/jpc_qmfb.c
+--- jasper-1.900.1-debian1.orig/src/libjasper/jpc/jpc_qmfb.c	2017-02-07 22:46:28.000000000 +0100
++++ jasper-1.900.1-debian1/src/libjasper/jpc/jpc_qmfb.c	2017-02-07 22:45:59.328339293 +0100
+@@ -372,7 +372,7 @@
+ 	register jpc_fix_t *dstptr;
+ 	register int n;
+ 	register int m;
+-	int hstartcol;
++	int hstartrow;
+ 
+ 	/* Get a buffer. */
+ 	if (bufsize > QMFB_SPLITBUFSIZE) {
+@@ -383,8 +383,9 @@
+ 	}
+ 
+ 	if (numrows >= 2) {
+-		hstartcol = (numrows + 1 - parity) >> 1;
+-		m = (parity) ? hstartcol : (numrows - hstartcol);
++		hstartrow = (numrows + 1 - parity) >> 1;
++		m = (parity) ? hstartrow : (numrows - hstartrow);
++
+ 		/* Save the samples destined for the highpass channel. */
+ 		n = m;
+ 		dstptr = buf;
+@@ -404,7 +405,7 @@
+ 			srcptr += stride << 1;
+ 		}
+ 		/* Copy the saved samples into the highpass channel. */
+-		dstptr = &a[hstartcol * stride];
++		dstptr = &a[hstartrow * stride];
+ 		srcptr = buf;
+ 		n = m;
+ 		while (n-- > 0) {
+@@ -435,19 +436,20 @@
+ 	register int n;
+ 	register int i;
+ 	int m;
+-	int hstartcol;
++	int hstartrow;
+ 
+ 	/* Get a buffer. */
+ 	if (bufsize > QMFB_SPLITBUFSIZE) {
+-		if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
++                if (!(buf = jas_alloc3(bufsize, JPC_QMFB_COLGRPSIZE, sizeof(jpc_fix_t)))) {
+ 			/* We have no choice but to commit suicide in this case. */
+ 			abort();
+ 		}
+ 	}
+ 
+ 	if (numrows >= 2) {
+-		hstartcol = (numrows + 1 - parity) >> 1;
+-		m = (parity) ? hstartcol : (numrows - hstartcol);
++		hstartrow = (numrows + 1 - parity) >> 1;
++		m = (parity) ? hstartrow : (numrows - hstartrow);
++
+ 		/* Save the samples destined for the highpass channel. */
+ 		n = m;
+ 		dstptr = buf;
+@@ -479,7 +481,7 @@
+ 			srcptr += stride << 1;
+ 		}
+ 		/* Copy the saved samples into the highpass channel. */
+-		dstptr = &a[hstartcol * stride];
++		dstptr = &a[hstartrow * stride];
+ 		srcptr = buf;
+ 		n = m;
+ 		while (n-- > 0) {
+@@ -520,7 +522,7 @@
+ 
+ 	/* Get a buffer. */
+ 	if (bufsize > QMFB_SPLITBUFSIZE) {
+-		if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
++		if (!(buf = jas_alloc3(bufsize, numcols, sizeof(jpc_fix_t)))) {
+ 			/* We have no choice but to commit suicide in this case. */
+ 			abort();
+ 		}
+diff -Naur jasper-1.900.1-debian1.orig/src/libjasper/jpc/jpc_t2cod.c jasper-1.900.1-debian1/src/libjasper/jpc/jpc_t2cod.c
+--- jasper-1.900.1-debian1.orig/src/libjasper/jpc/jpc_t2cod.c	2017-02-07 22:46:28.000000000 +0100
++++ jasper-1.900.1-debian1/src/libjasper/jpc/jpc_t2cod.c	2017-02-07 22:45:54.464331040 +0100
+@@ -429,7 +429,7 @@
+ 	}
+ 
+ 	for (pi->compno = pchg->compnostart, pi->picomp =
+-	  &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend); ++pi->compno,
++	  &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend) && pi->compno < pi->numcomps; ++pi->compno,
+ 	  ++pi->picomp) {
+ 		pirlvl = pi->picomp->pirlvls;
+ 		pi->xstep = pi->picomp->hsamp * (1 << (pirlvl->prcwidthexpn +
diff -Nru jasper-1.900.1-debian1/debian/patches/series jasper-1.900.1-debian1/debian/patches/series
--- jasper-1.900.1-debian1/debian/patches/series	2016-03-06 14:00:34.000000000 +0000
+++ jasper-1.900.1-debian1/debian/patches/series	2017-02-07 21:48:34.000000000 +0000
@@ -9,3 +9,4 @@
 09-CVE-2016-1577.patch
 10-CVE-2016-2089.patch
 11-CVE-2016-2116.patch
+12_CVE-2016-1867_CVE-2016-8654_CVE-2016-8691_CVE-2016-8692_CVE-2016-8693_CVE-2016-8882_CVE-2016-9560.patch