Your message dated Mon, 22 Dec 2014 09:49:34 +0000
with message-id <[email protected]>
and subject line Bug#773463: fixed in jasper 1.900.1-debian1-2.3
has caused the Debian Bug report #773463,
regarding jasper: CVE-2014-8137 CVE-2014-8138
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
773463: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773463
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: jasper
Version: 1.900.1-7
Severity: grave
Tags: security upstream
Hi,
the following vulnerabilities were published for jasper.
CVE-2014-8137[0]:
double-free in jas_iccattrval_destroy()
CVE-2014-8138[1]:
heap overflow in jp2_decode()
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-8137
[1] https://security-tracker.debian.org/tracker/CVE-2014-8138
[2] http://www.ocert.org/advisories/ocert-2014-012.html
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: jasper
Source-Version: 1.900.1-debian1-2.3
We believe that the bug you reported is fixed in the latest version of
jasper, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated jasper package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 20 Dec 2014 08:42:19 +0100
Source: jasper
Binary: libjasper1 libjasper-dev libjasper-runtime
Architecture: source amd64
Version: 1.900.1-debian1-2.3
Distribution: unstable
Urgency: high
Maintainer: Roland Stigge <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Description:
libjasper-dev - Development files for the JasPer JPEG-2000 library
libjasper-runtime - Programs for manipulating JPEG-2000 files
libjasper1 - JasPer JPEG-2000 runtime library
Closes: 773463
Changes:
jasper (1.900.1-debian1-2.3) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* Add 05-CVE-2014-8137.patch patch.
CVE-2014-8137: double-free in jas_iccattrval_destroy(). (Closes:
#773463)
* Add 06-CVE-2014-8138.patch patch.
CVE-2014-8138: heap overflow in jp2_decode(). (Closes: #773463)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---