Hello community,

here is the log from the commit of package jasper for openSUSE:Factory checked in at 2019-11-06 15:19:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/jasper (Old)
 and /work/SRC/openSUSE:Factory/.jasper.new.2990 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "jasper" Wed Nov 6 15:19:28 2019 rev:45 rq:745234 version:2.0.16 Changes: -------- --- /work/SRC/openSUSE:Factory/jasper/jasper.changes 2019-06-13 22:36:34.672318311 +0200 +++ /work/SRC/openSUSE:Factory/.jasper.new.2990/jasper.changes 2019-11-06 15:19:30.541374390 +0100 @@ -1,0 +2,7 @@ +Mon Nov 4 17:10:14 UTC 2019 - Michael Vetter <[email protected]> + +- bsc#1117507 CVE-2018-19541: Properly fix heap based overread + in jas_image_depalettize. Original fix caused segfaults. + Update jasper-CVE-2018-19541.patch + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ jasper.spec ++++++ --- /var/tmp/diff_new_pack.JCTyjf/_old 2019-11-06 15:19:32.141375965 +0100 +++ /var/tmp/diff_new_pack.JCTyjf/_new 2019-11-06 15:19:32.145375969 +0100 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # ++++++ jasper-CVE-2018-19541.patch ++++++ --- /var/tmp/diff_new_pack.JCTyjf/_old 2019-11-06 15:19:32.189376013 +0100 +++ /var/tmp/diff_new_pack.JCTyjf/_new 2019-11-06 15:19:32.189376013 +0100 
@@ -1,15 +1,17 @@ -Index: jasper-version-2.0.16/src/libjasper/base/jas_image.c +Index: jasper-version-2.0.16/src/libjasper/jp2/jp2_cod.c =================================================================== ---- jasper-version-2.0.16.orig/src/libjasper/base/jas_image.c -+++ jasper-version-2.0.16/src/libjasper/base/jas_image.c -@@ -979,6 +979,10 @@ int jas_image_depalettize(jas_image_t *i - cmptparms.prec = JAS_IMAGE_CDT_GETPREC(dtype); - cmptparms.sgnd = JAS_IMAGE_CDT_GETSGND(dtype); - -+ if (numlutents < 1) { +--- jasper-version-2.0.16.orig/src/libjasper/jp2/jp2_cod.c ++++ jasper-version-2.0.16/src/libjasper/jp2/jp2_cod.c +@@ -855,6 +855,12 @@ static int jp2_pclr_getdata(jp2_box_t *b + jp2_getuint8(in, &pclr->numchans)) { + return -1; + } ++ ++ // verify in range data as per I.5.3.4 - Palette box ++ if (pclr->numchans < 1 || pclr->numlutents < 1 || pclr->numlutents > 1024) { + return -1; + } -+ - if (jas_image_addcmpt(image, newcmptno, &cmptparms)) { ++ + lutsize = pclr->numlutents * pclr->numchans; + if (!(pclr->lutdata = jas_alloc2(lutsize, sizeof(int_fast32_t)))) { return -1; - }
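Review bot: In the jasper.changes hunk, the new entry reads as if the fix is made in jas_image_depalettize, but the updated jasper-CVE-2018-19541.patch no longer touches src/libjasper/base/jas_image.c at all; the check now sits in jp2_pclr_getdata in src/libjasper/jp2/jp2_cod.c. Suggest wording the entry so it says the overread in jas_image_depalettize is now prevented by validating the palette box when it is parsed, so that anyone auditing CVE-2018-19541 coverage from the changelog looks in the right file.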
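Review bot: In the jasper-CVE-2018-19541.patch hunk, the patch file still begins directly at the "Index:" line, so nothing in it records why the "numlutents < 1" guard was removed from jas_image_depalettize and replaced by a range check in jp2_pclr_getdata. Suggest adding a short header naming bsc#1117507 and CVE-2018-19541 and stating that jas_image_depalettize now relies on jp2_pclr_getdata having rejected the box, since that dependency is not visible from either function alone. A smaller point on the same hunk: the upper bound is a bare 1024 in "pclr->numlutents > 1024"; a named constant next to the "I.5.3.4 - Palette box" comment would make the limit easier to find. The placement before "lutsize = pclr->numlutents * pclr->numchans" is good, because with numchans read through jp2_getuint8 the product is bounded before it reaches jas_alloc2.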
