lp:ubuntu/precise-security/jasper
- Get this branch:
- bzr branch lp:ubuntu/precise-security/jasper
Branch merges
Branch information
Recent revisions
- 16. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via crafted ICC color profile
- debian/patches/ 05-CVE- 2014-8137. patch: prevent double-free in
src/libjasper/ base/jas_ icc.c, remove assert in
src/libjasper/ jp2/jp2_ dec.c.
- CVE-2014-8137
* SECURITY UPDATE: denial of service or code execution via invalid
channel number
- debian/patches/ 06-CVE- 2014-8138. patch: validate channel number in
src/libjasper/ jp2/jp2_ dec.c.
- CVE-2014-8138
* SECURITY UPDATE: denial of service or code execution via off-by-one
- debian/patches/ 07-CVE- 2014-8157. patch: fix off-by-one in
src/libjasper/ jpc/jpc_ dec.c.
- CVE-2014-8157
* SECURITY UPDATE: denial of service or code execution via memory
corruption
- debian/patches/ 08-CVE- 2014-8158. patch: remove HAVE_VLA to use more
sensible buffer sizes in src/libjasper/jpc/jpc_ qmfb.c.
- CVE-2014-8158 - 15. By Marc Deslauriers
-
* SECURITY UPDATE: heap overflows via crafted jp2 file
- debian/patches/ 04-CVE- 2014-9029. patch: fix off-by-one in
src/libjasper/ jpc/jpc_ dec.c.
- CVE-2014-9029 - 14. By Roland Stigge <email address hidden>
-
Fix CVE-2011-4516 and CVE-2011-4517: Two buffer overflow issues possibly
exploitable via specially crafted input files (Closes: #652649)
Thanks to Red Hat and Michael Gilbert - 13. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service and possible code execution via
heap-based buffer overflows.
- debian/patches/ 03-CVE- 2011-451x. patch: validate compparms->numrlvls
and allocate proper size in src/libjasper/jpc/jpc_ cs.c.
- CVE-2011-4516
- CVE-2011-4517 - 12. By Roland Stigge <email address hidden>
-
Added patch to fix filename buffer overflow, thanks to Jonas Smedegard
and Alex Cherepanov from ghostscript (Closes: #649833) - 11. By Roland Stigge <email address hidden>
-
Added Multiarch support, thanks to Colin Watson (Closes: #645118)
- 10. By Colin Watson
-
* Resynchronise with Debian. Remaining changes (revised for dh(1)):
- Enable multiarch build. - 8. By Kees Cook
-
* Enable multiarch build (LP: #733501)
- debian/control: update depends for multiarch toolchain
- debian/*.install: update /usr/lib paths
- debian/rules:
- add --libdir to configure
- update library path creation - 7. By Roland Stigge <email address hidden>
-
* Acknowledge NMU
* Added patch to fix Debian patch for CVE-2008-3521 (Closes: #506739)
* debian/control: Standards-Version: 3.8.4
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/vivid/jasper