- bf79e8e... by Marc Deslauriers on 2015-01-22
Import patches-applied version 8.71.dfsg.1-0ubuntu5.7 to applied/ubuntu/lucid-security
Imported using git-ubuntu import.
Changelog parent: 4575c278203720343976dd13237581a6395fedbf
Unapplied parent: 5ddedb9b06350c57231f43b35665dd3e93256711
New changelog entries:
  * SECURITY UPDATE: denial of service via crafted ICC color profile
    - debian/patches/CVE-2014-8137.dpatch: prevent double-free in
      jasper/src/libjasper/base/jas_icc.c, remove assert in
      jasper/src/libjasper/jp2/jp2_dec.c.
    - CVE-2014-8137
  * SECURITY UPDATE: denial of service or code execution via invalid
    channel number
    - debian/patches/CVE-2014-8138.dpatch: validate channel number in
      jasper/src/libjasper/jp2/jp2_dec.c.
    - CVE-2014-8138
  * SECURITY UPDATE: denial of service or code execution via off-by-one
    - debian/patches/CVE-2014-8157.dpatch: fix off-by-one in
      jasper/src/libjasper/jpc/jpc_dec.c.
    - CVE-2014-8157
  * SECURITY UPDATE: denial of service or code execution via memory
    corruption
    - debian/patches/CVE-2014-8158.dpatch: remove HAVE_VLA to use more
      sensible buffer sizes in jasper/src/libjasper/jpc/jpc_qmfb.c.
    - CVE-2014-8158
- 5ddedb9... by Marc Deslauriers on 2015-01-22
Import patches-unapplied version 8.71.dfsg.1-0ubuntu5.7 to ubuntu/lucid-security
Imported using git-ubuntu import.
Changelog parent: e786b631ec0db8f34f47dc70a1957273153dc5ec
New changelog entries:
  * SECURITY UPDATE: denial of service via crafted ICC color profile
    - debian/patches/CVE-2014-8137.dpatch: prevent double-free in
      jasper/src/libjasper/base/jas_icc.c, remove assert in
      jasper/src/libjasper/jp2/jp2_dec.c.
    - CVE-2014-8137
  * SECURITY UPDATE: denial of service or code execution via invalid
    channel number
    - debian/patches/CVE-2014-8138.dpatch: validate channel number in
      jasper/src/libjasper/jp2/jp2_dec.c.
    - CVE-2014-8138
  * SECURITY UPDATE: denial of service or code execution via off-by-one
    - debian/patches/CVE-2014-8157.dpatch: fix off-by-one in
      jasper/src/libjasper/jpc/jpc_dec.c.
    - CVE-2014-8157
  * SECURITY UPDATE: denial of service or code execution via memory
    corruption
    - debian/patches/CVE-2014-8158.dpatch: remove HAVE_VLA to use more
      sensible buffer sizes in jasper/src/libjasper/jpc/jpc_qmfb.c.
    - CVE-2014-8158
- 4575c27... by Marc Deslauriers on 2014-12-05
Import patches-applied version 8.71.dfsg.1-0ubuntu5.6 to applied/ubuntu/lucid-security
Imported using git-ubuntu import.
Changelog parent: f67fef3131fb2a973081f0887766c2771c2261ad
Unapplied parent: e786b631ec0db8f34f47dc70a1957273153dc5ec
New changelog entries:
  * SECURITY UPDATE: heap overflows via crafted jp2 file
    - debian/patches/CVE-2014-9029.dpatch: fix off-by-one in
      jasper/src/libjasper/jpc/jpc_dec.c.
    - CVE-2014-9029
- e786b63... by Marc Deslauriers on 2014-12-05
Import patches-unapplied version 8.71.dfsg.1-0ubuntu5.6 to ubuntu/lucid-security
Imported using git-ubuntu import.
Changelog parent: 8d773195f9ad657ae366d914a2f518f41544878f
New changelog entries:
  * SECURITY UPDATE: heap overflows via crafted jp2 file
    - debian/patches/CVE-2014-9029.dpatch: fix off-by-one in
      jasper/src/libjasper/jpc/jpc_dec.c.
    - CVE-2014-9029
- f67fef3... by Marc Deslauriers on 2012-09-21
Import patches-applied version 8.71.dfsg.1-0ubuntu5.5 to applied/ubuntu/lucid-security
Imported using git-ubuntu import.
Changelog parent: c128ab8a01b42ff8025e45351e0772f6d8a3e9d7
Unapplied parent: 8d773195f9ad657ae366d914a2f518f41544878f
New changelog entries:
  * SECURITY UPDATE: denial of service and possible code execution via
    icclib overflow
    - debian/patches/CVE-2012-4405.dpatch: validate input channels in
      icclib/icc.c.
    - CVE-2012-4405
- 8d77319... by Marc Deslauriers on 2012-09-21
Import patches-unapplied version 8.71.dfsg.1-0ubuntu5.5 to ubuntu/lucid-security
Imported using git-ubuntu import.
Changelog parent: ad5d8fc9d812dd5208b21c4afa2921964be82f74
New changelog entries:
  * SECURITY UPDATE: denial of service and possible code execution via
    icclib overflow
    - debian/patches/CVE-2012-4405.dpatch: validate input channels in
      icclib/icc.c.
    - CVE-2012-4405
- c128ab8... by Marc Deslauriers on 2011-12-20
Import patches-applied version 8.71.dfsg.1-0ubuntu5.4 to applied/ubuntu/lucid-security
Imported using git-ubuntu import.
Changelog parent: a832ce97945a8bf5c8f60002a791af48fa62ad2e
Unapplied parent: ad5d8fc9d812dd5208b21c4afa2921964be82f74
New changelog entries:
  * SECURITY UPDATE: integer overflows via integer multiplication for
    memory allocation
    - debian/patches/CVE-2008-352x.dpatch: introduce new size-checked
      allocation functions and use them in:
      * jasper/src/libjasper/base/{jas_cm.c,jas_icc.c,jas_image.c,
        jas_malloc.c,jas_seq.c}
      * jasper/src/libjasper/bmp/bmp_dec.c
      * jasper/src/libjasper/include/jasper/jas_malloc.h
      * jasper/src/libjasper/jp2/{jp2_cod.c,jp2_dec.c,jp2_enc.c}
      * jasper/src/libjasper/jpc/{jpc_cs.c,jpc_dec.c,jpc_enc.c,jpc_mqdec.c,
        jpc_mqenc.c,jpc_qmfb.c,jpc_t1enc.c,jpc_t2cod.c,jpc_t2dec.c,
        jpc_t2enc.c,jpc_tagtree.c,jpc_util.c}
      * jasper/src/libjasper/mif/mif_cod.c
    - CVE-2008-3520
  * SECURITY UPDATE: buffer overflow via vsprintf in jas_stream_printf()
    - debian/patches/CVE-2008-352x.dpatch: use vsnprintf() in
      jasper/src/libjasper/base/jas_stream.c
    - CVE-2008-3522
  * SECURITY UPDATE: denial of service and possible code execution via
    heap-based buffer overflows.
    - debian/patches/CVE-2011-451x.dpatch: validate compparms->numrlvls
      and allocate proper size in jasper/src/libjasper/jpc/jpc_cs.c.
    - CVE-2011-4516
    - CVE-2011-4517
- ad5d8fc... by Marc Deslauriers on 2011-12-20
Import patches-unapplied version 8.71.dfsg.1-0ubuntu5.4 to ubuntu/lucid-security
Imported using git-ubuntu import.
Changelog parent: 0a5ddce63d2833254ab84e31f34b0de4c4861107
New changelog entries:
  * SECURITY UPDATE: integer overflows via integer multiplication for
    memory allocation
    - debian/patches/CVE-2008-352x.dpatch: introduce new size-checked
      allocation functions and use them in:
      * jasper/src/libjasper/base/{jas_cm.c,jas_icc.c,jas_image.c,
        jas_malloc.c,jas_seq.c}
      * jasper/src/libjasper/bmp/bmp_dec.c
      * jasper/src/libjasper/include/jasper/jas_malloc.h
      * jasper/src/libjasper/jp2/{jp2_cod.c,jp2_dec.c,jp2_enc.c}
      * jasper/src/libjasper/jpc/{jpc_cs.c,jpc_dec.c,jpc_enc.c,jpc_mqdec.c,
        jpc_mqenc.c,jpc_qmfb.c,jpc_t1enc.c,jpc_t2cod.c,jpc_t2dec.c,
        jpc_t2enc.c,jpc_tagtree.c,jpc_util.c}
      * jasper/src/libjasper/mif/mif_cod.c
    - CVE-2008-3520
  * SECURITY UPDATE: buffer overflow via vsprintf in jas_stream_printf()
    - debian/patches/CVE-2008-352x.dpatch: use vsnprintf() in
      jasper/src/libjasper/base/jas_stream.c
    - CVE-2008-3522
  * SECURITY UPDATE: denial of service and possible code execution via
    heap-based buffer overflows.
    - debian/patches/CVE-2011-451x.dpatch: validate compparms->numrlvls
      and allocate proper size in jasper/src/libjasper/jpc/jpc_cs.c.
    - CVE-2011-4516
    - CVE-2011-4517
- a832ce9... by Till Kamppeter on 2010-07-19
Import patches-applied version 8.71.dfsg.1-0ubuntu5.3 to applied/ubuntu/lucid-proposed
Imported using git-ubuntu import.
Changelog parent: 7fce2efc4c70a7e84dd36650f7ef6e72a816c7d4
Unapplied parent: 0a5ddce63d2833254ab84e31f34b0de4c4861107
New changelog entries:
  * debian/patches/ps2pdf-hyperlinks.dpatch: Let ps2pdf create proper hyperlinks
    (LP: #583990, upstream bug #691344).
- 0a5ddce... by Till Kamppeter on 2010-07-19
Import patches-unapplied version 8.71.dfsg.1-0ubuntu5.3 to ubuntu/lucid-proposed
Imported using git-ubuntu import.
Changelog parent: 175237e5193723a1b704b0b249f325bc3fe5bf2f
New changelog entries:
  * debian/patches/ps2pdf-hyperlinks.dpatch: Let ps2pdf create proper hyperlinks
    (LP: #583990, upstream bug #691344).