This bug was fixed in the package jasper -
1.900.1-debian1-2.4ubuntu0.15.10.1
---------------
jasper (1.900.1-debian1-2.4ubuntu0.15.10.1) wily-security; urgency=medium
* SECURITY UPDATE: Denial of service or possible code execution via crafted
ICC color profile (LP: #1547865)
- debian/patches/09-CVE-2016-1577.patch: Prevent double-free in
src/libjasper/base/jas_icc.c
- CVE-2016-1577
* SECURITY UPDATE: Denial of service via resource exhaustion via crafted ICC
color profile
- debian/patches/10-CVE-2016-2116.patch: Prevent memory leak in
src/libjasper/base/jas_icc.c
- CVE-2016-2116
-- Tyler Hicks <[email protected]> Fri, 26 Feb 2016 00:07:11 -0600
** Changed in: jasper (Ubuntu)
Status: In Progress => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2116
** Changed in: jasper (Ubuntu)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1547865
Title:
Double free in libjasper jas_icc.c
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/jasper/+bug/1547865/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
