Hello community, here is the log from the commit of package jasper for openSUSE:Factory checked in at 2014-12-21 12:03:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/jasper (Old) and /work/SRC/openSUSE:Factory/.jasper.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "jasper"
Changes:
--------
--- /work/SRC/openSUSE:Factory/jasper/jasper.changes 2014-03-18 16:21:24.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.jasper.new/jasper.changes 2014-12-21 12:02:37.000000000 +0100
@@ -1,0 +2,13 @@
+Fri Dec 19 10:31:14 UTC 2014 - [email protected]
+
+- fixed CVE-2014-8137, CVE-2014-8137 (bnc#909474, bnc#909475)
+ + jasper-CVE-2014-8137.patch
+ + jasper-CVE-2014-8138.patch
+
+-------------------------------------------------------------------
+Fri Dec 5 09:56:39 UTC 2014 - [email protected]
+
+- fixed possible overflow CVE-2014-9029 (bnc#906364)
+ + jasper-overflow-bnc906364.patch
+
+-------------------------------------------------------------------
New:
----
jasper-CVE-2014-8137.patch
jasper-CVE-2014-8138.patch
jasper-overflow-bnc906364.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ jasper.spec ++++++
--- /var/tmp/diff_new_pack.R0UmEH/_old 2014-12-21 12:02:38.000000000 +0100
+++ /var/tmp/diff_new_pack.R0UmEH/_new 2014-12-21 12:02:38.000000000 +0100
@@ -35,6 +35,9 @@
 Patch3: %{name}-%{version}-bug392410.patch
 Patch4: %{name}-%{version}-no-undef-true-false.patch
 Patch5: jasper-1.900.1-bug725758.patch
+Patch6: jasper-overflow-bnc906364.patch
+Patch7: jasper-CVE-2014-8137.patch
+Patch8: jasper-CVE-2014-8138.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %description
@@ -80,6 +83,9 @@
 %patch3
 %patch4
 %patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
 %build
 autoreconf -i -f
++++++ jasper-CVE-2014-8137.patch ++++++
--- jasper-1.900.1.orig/src/libjasper/base/jas_icc.c 2014-12-11 14:06:44.000000000 +0100
+++ jasper-1.900.1/src/libjasper/base/jas_icc.c 2014-12-11 15:16:37.971272386 +0100
@@ -1009,7 +1009,6 @@ static int jas_icccurv_input(jas_iccattr
 return 0;
 error:
- jas_icccurv_destroy(attrval);
 return -1;
 }
@@ -1127,7 +1126,6 @@ static int jas_icctxtdesc_input(jas_icca
 #endif
 return 0;
 error:
- jas_icctxtdesc_destroy(attrval);
 return -1;
 }
@@ -1206,8 +1204,6 @@ static int jas_icctxt_input(jas_iccattrv
 goto error;
 return 0;
 error:
- if (txt->string)
- jas_free(txt->string);
 return -1;
 }
@@ -1328,7 +1324,6 @@ static int jas_icclut8_input(jas_iccattr
 goto error;
 return 0;
 error:
- jas_icclut8_destroy(attrval);
 return -1;
 }
@@ -1497,7 +1492,6 @@ static int jas_icclut16_input(jas_iccatt
 goto error;
 return 0;
 error:
- jas_icclut16_destroy(attrval);
 return -1;
 }
--- jasper-1.900.1.orig/src/libjasper/jp2/jp2_dec.c 2014-12-11 14:30:54.193209780 +0100
+++ jasper-1.900.1/src/libjasper/jp2/jp2_dec.c 2014-12-11 14:36:46.313217814 +0100
@@ -291,7 +291,10 @@ jas_image_t *jp2_decode(jas_stream_t *in
 case JP2_COLR_ICC:
 iccprof = jas_iccprof_createfrombuf(dec->colr->data.colr.iccp,
 dec->colr->data.colr.iccplen);
- assert(iccprof);
+ if (!iccprof) {
+ jas_eprintf("error: failed to parse ICC profile\n");
+ goto error;
+ }
 jas_iccprof_gethdr(iccprof, &icchdr);
 jas_eprintf("ICC Profile CS %08x\n", icchdr.colorspc);
 jas_image_setclrspc(dec->image, fromiccpcs(icchdr.colorspc));
++++++ jasper-CVE-2014-8138.patch ++++++
diff -ru jasper-1.900.1.orig/src/libjasper/jp2/jp2_cod.c jasper-1.900.1/src/libjasper/jp2/jp2_cod.c
--- jasper-1.900.1.orig/src/libjasper/jp2/jp2_cod.c 2007-01-19 22:43:05.000000000 +0100
+++ jasper-1.900.1/src/libjasper/jp2/jp2_cod.c 2014-12-17 11:58:58.271398603 +0100
@@ -459,7 +459,8 @@
 for (channo = 0; channo < cdef->numchans; ++channo) {
 chan = &cdef->ents[channo];
 if (jp2_getuint16(in, &chan->channo) || jp2_getuint16(in, &chan->type) ||
- jp2_getuint16(in, &chan->assoc)) {
+ jp2_getuint16(in, &chan->assoc) ||
+ chan->channo >= cdef->numchans ) {
 return -1;
 }
 }
++++++ jasper-overflow-bnc906364.patch ++++++
--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c 2014-11-27 12:45:44.000000000 +0100
+++ jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c 2014-11-27 12:44:58.000000000 +0100
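Review bot: The new `if (!iccprof)` branch in the JP2_COLR_ICC case would benefit from a one-line comment saying that the ICC bytes come from the file being decoded, so a parse failure is an input error and not an invariant, e.g. `/* iccp is file-controlled: fail the decode instead of asserting */`. Without that, a later cleanup could plausibly turn the branch back into an assert, which aborts the host process in a debug build and disappears entirely under NDEBUG. The case body continues past the hunk, so whether later results derived from the same profile are checked the same way cannot be seen here; the `error` label is also outside the hunk.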
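Review bot: The added bound `chan->channo >= cdef->numchans` compares one field of the box against another field of the same box, so it limits channo only to a count the file itself declares. If channo is later used as an index into an array sized from the image's actual channel or component count (that code is not in this hunk), the check needs to be repeated there against that size. `chan->assoc` is read in the same condition and is not range-checked here at all. The stray space in `cdef->numchans ) {` is worth dropping, and the enclosing function begins outside the hunk.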
@@ -1281,7 +1281,7 @@ static int jpc_dec_process_coc(jpc_dec_t
 jpc_coc_t *coc = &ms->parms.coc;
 jpc_dec_tile_t *tile;
- if (JAS_CAST(int, coc->compno) > dec->numcomps) {
+ if (JAS_CAST(int, coc->compno) >= dec->numcomps) {
 jas_eprintf("invalid component number in COC marker segment\n");
 return -1;
 }
@@ -1307,7 +1307,7 @@ static int jpc_dec_process_rgn(jpc_dec_t
 jpc_rgn_t *rgn = &ms->parms.rgn;
 jpc_dec_tile_t *tile;
- if (JAS_CAST(int, rgn->compno) > dec->numcomps) {
+ if (JAS_CAST(int, rgn->compno) >= dec->numcomps) {
 jas_eprintf("invalid component number in RGN marker segment\n");
 return -1;
 }
@@ -1356,7 +1356,7 @@ static int jpc_dec_process_qcc(jpc_dec_t
 jpc_qcc_t *qcc = &ms->parms.qcc;
 jpc_dec_tile_t *tile;
- if (JAS_CAST(int, qcc->compno) > dec->numcomps) {
+ if (JAS_CAST(int, qcc->compno) >= dec->numcomps) {
 jas_eprintf("invalid component number in QCC marker segment\n");
 return -1;
 }
--
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
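Review bot: The corrected check in jpc_dec_process_coc still compares after `JAS_CAST(int, ...)`, so only the upper bound is enforced; the declared type of `coc->compno` is not visible in the hunk, and if it is wider than int a large value could cast to a negative number and pass. Adding the lower bound removes the dependence on that, e.g. `if (JAS_CAST(int, coc->compno) < 0 || JAS_CAST(int, coc->compno) >= dec->numcomps) {`. The jpc_dec_process_rgn and jpc_dec_process_qcc hunks have the same shape, and since the off-by-one was copied three times a small static helper for the range test would keep them from drifting apart again. All three function bodies continue outside their hunks.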
