lp:ubuntu/precise-security/jasper

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/precise-security/jasper
Members of Ubuntu branches can upload to this branch.

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Mature

Recent revisions

16. By Marc Deslauriers

* SECURITY UPDATE: denial of service via crafted ICC color profile
  - debian/patches/05-CVE-2014-8137.patch: prevent double-free in
    src/libjasper/base/jas_icc.c, remove assert in
    src/libjasper/jp2/jp2_dec.c.
  - CVE-2014-8137
* SECURITY UPDATE: denial of service or code execution via invalid
  channel number
  - debian/patches/06-CVE-2014-8138.patch: validate channel number in
    src/libjasper/jp2/jp2_dec.c.
  - CVE-2014-8138
* SECURITY UPDATE: denial of service or code execution via off-by-one
  - debian/patches/07-CVE-2014-8157.patch: fix off-by-one in
    src/libjasper/jpc/jpc_dec.c.
  - CVE-2014-8157
* SECURITY UPDATE: denial of service or code execution via memory
  corruption
  - debian/patches/08-CVE-2014-8158.patch: remove HAVE_VLA to use more
    sensible buffer sizes in src/libjasper/jpc/jpc_qmfb.c.
  - CVE-2014-8158

15. By Marc Deslauriers

* SECURITY UPDATE: heap overflows via crafted jp2 file
  - debian/patches/04-CVE-2014-9029.patch: fix off-by-one in
    src/libjasper/jpc/jpc_dec.c.
  - CVE-2014-9029

14. By Roland Stigge <email address hidden>

Fix CVE-2011-4516 and CVE-2011-4517: Two buffer overflow issues possibly
exploitable via specially crafted input files (Closes: #652649)
Thanks to Red Hat and Michael Gilbert

13. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible code execution via
  heap-based buffer overflows.
  - debian/patches/03-CVE-2011-451x.patch: validate compparms->numrlvls
    and allocate proper size in src/libjasper/jpc/jpc_cs.c.
  - CVE-2011-4516
  - CVE-2011-4517

12. By Roland Stigge <email address hidden>

Added patch to fix filename buffer overflow, thanks to Jonas Smedegard
and Alex Cherepanov from ghostscript (Closes: #649833)

11. By Roland Stigge <email address hidden>

Added Multiarch support, thanks to Colin Watson (Closes: #645118)

10. By Colin Watson

* Resynchronise with Debian. Remaining changes (revised for dh(1)):
  - Enable multiarch build.

9. By Kees Cook

debian/rules: clear dependency_libs from shipped .la files,
per Policy 10.2.

8. By Kees Cook

* Enable multiarch build (LP: #733501)
  - debian/control: update depends for multiarch toolchain
  - debian/*.install: update /usr/lib paths
  - debian/rules:
    - add --libdir to configure
    - update library path creation

7. By Roland Stigge <email address hidden>

* Acknowledge NMU
* Added patch to fix Debian patch for CVE-2008-3521 (Closes: #506739)
* debian/control: Standards-Version: 3.8.4

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/vivid/jasper
This branch contains Public information 
Everyone can see this information.