jasper has a number of unfixed CVEs: CVE-2016-1867 CVE-2015-5221 CVE-2015-5203
all of which were marked <no-dsa> for wheezy and jessie. I understand
this for CVE-2016-1867 as that's only an out-of-bounds read, but the
other two are double-frees that I would expect to be usable for code
execution. Am I missing something?
Ben.
--
Ben Hutchings
Theory and practice are closer in theory than in practice.
- John Levine, moderator of comp.compilers
