This bug was fixed in the package jasper - 1.900.1-debian1-2.4
Sponsored for Artur Rona (ari-tczew)
---------------
jasper (1.900.1-debian1-2.4) unstable; urgency=high
* Non-maintainer upload.
* Add 07-CVE-2014-8157.patch patch.
CVE-2014-8157: dec->numtiles off-by-one check in jpc_dec_process_sot().
(Closes: #775970)
* Add 08-CVE-2014-8158.patch patch.
CVE-2014-8158: unrestricted stack memory use in jpc_qmfb.c (Closes: #775970)
-- Salvatore Bonaccorso <[email protected]> Thu, 22 Jan 2015 17:09:24
+0100
** Changed in: jasper (Ubuntu)
Status: New => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-8157
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-8158
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1416141
Title:
Sync jasper 1.900.1-debian1-2.4 (main) from Debian unstable (main)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/jasper/+bug/1416141/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
