Hello community,

here is the log from the commit of package jasper for openSUSE:Factory checked in at 2019-03-14 14:50:56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/jasper (Old)
 and      /work/SRC/openSUSE:Factory/.jasper.new.28833 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "jasper" Thu Mar 14 14:50:56 2019 rev:41 rq:684439 version:2.0.14 Changes: -------- --- /work/SRC/openSUSE:Factory/jasper/jasper.changes 2018-04-05 15:27:26.141275522 +0200 +++ /work/SRC/openSUSE:Factory/.jasper.new.28833/jasper.changes 2019-03-14 14:50:57.803800057 +0100 @@ -1,0 +2,6 @@ +Tue Mar 12 16:35:04 UTC 2019 - [email protected] + +- bsc#1117511 CVE-2018-19539: + * Add jasper-CVE-2018-19539.patch + +------------------------------------------------------------------- New: ---- jasper-CVE-2018-19539.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ jasper.spec ++++++ --- /var/tmp/diff_new_pack.Fbq7yD/_old 2019-03-14 14:50:58.351799978 +0100 +++ /var/tmp/diff_new_pack.Fbq7yD/_new 2019-03-14 14:50:58.351799978 +0100 @@ -1,7 +1,7 @@ # # spec file for package jasper # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -29,6 +29,7 @@ Patch2: 0001-jpc_cs-reject-all-but-JPC_COX_INS-and-JPC_COX_RFT.patch Patch3: 0001-Added-a-fix-from-nrusch-to-allow-JasPer-to-be-build-.patch Patch4: jasper-CVE-2018-9055.patch +Patch5: jasper-CVE-2018-19539.patch BuildRequires: Mesa-libGL-devel BuildRequires: cmake BuildRequires: doxygen @@ -85,6 +86,7 @@ %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 %build export CFLAGS="%{optflags} -Wall -std=c99 -D_BSD_SOURCE" ++++++ jasper-CVE-2018-19539.patch ++++++ Index: jasper-2.0.14/src/libjasper/base/jas_image.c =================================================================== --- jasper-2.0.14.orig/src/libjasper/base/jas_image.c +++ jasper-2.0.14/src/libjasper/base/jas_image.c 
@@ -491,6 +491,10 @@ int jas_image_readcmpt(jas_image_t *imag image, cmptno, JAS_CAST(long, x), JAS_CAST(long, y), JAS_CAST(long, width), JAS_CAST(long, height), data)); + if(data == NULL) { + return -1; + } + if (cmptno < 0 || cmptno >= image->numcmpts_) { return -1; }
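
Review bot: The jasper.changes entry for bsc#1117511 CVE-2018-19539 only says "Add jasper-CVE-2018-19539.patch" and gives no hint of what the patch fixes, and the patch file itself starts directly at its "Index:" line with no description or origin. Say in the changelog entry what the fix is (a NULL check on data in jas_image_readcmpt) and add a short header to the patch stating where it comes from, so the next person rebasing the package can tell whether it is still needed.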
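
Review bot: In the jas_image_readcmpt hunk of jasper-CVE-2018-19539.patch, the new `if(data == NULL)` guard returns -1 with no comment or diagnostic, so a caller that passes a null data pointer gets the same return value as one that passes an out-of-range cmptno, and nothing in the code records why the check is there. Add a one-line comment above it naming CVE-2018-19539 (bsc#1117511), and write it as `if (data == NULL) {` so the spacing matches the `if (cmptno < 0 || cmptno >= image->numcmpts_) {` test directly below.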
