Debian-LTS alert DLA-121-1 (jasper)
| From: | Thorsten Alteholz <debian@alteholz.de> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 121-1] jasper security update | |
| Date: | Mon, 22 Dec 2014 19:43:54 +0100 (CET) | |
| Message-ID: | <alpine.DEB.2.02.1412221942370.19098@jupiter.server.alteholz.net> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : jasper Version : 1.900.1-7+squeeze3 CVE ID : CVE-2014-8137 CVE-2014-8138 Jose Duart of the Google Security Team discovered a double free flaw (CVE-2014-8137) and a heap-based buffer overflow flaw (CVE-2014-8138) in JasPer, a library for manipulating JPEG-2000 files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQJ8BAEBCgBmBQJUmGZrXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5 NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHCWMQAIm/QK9s83noPonAyW3zGpGW DSRD+tJi7NDFRyW5Pc7TEDpwB1Ak5wwI6ck8xSYZ0GqLKNZ1FOG/PCNbk+fPgp9Z pscBjE/m077YktGZbwjOtVn2UG9Dij9gnj48NlGTU0yVEO4/mruqBCifDkT+/IUR FsJxHYofJFiak67H85hNXCcrsaFfu+ojhgAUiZQZowalepbtiRc+5g4xqkVXDJmU YbeJxRaMn/UgiX7MdE/bOlXTzHrEZjQRdnv2cygPfolBhHrGuFgF1lLX5LszQejk ptn6UbpnpVHO6GsQ8RzMvQQl0wrJOfJu0JD23RQvhw521452eqr8SVHluJATcfTp jfAUqmdoQRTHCv1hFEMM0UGGgk3P5dXx9+YfeOHDHSE3FEmcvylBZllW4sSM7JnH /XMKi9jQ/G0LNXsKUe/EzTm0cxD3GjzFMO8BSCr3fs/hhcuMse4A3I5bw6z4p6H0 /hfAipMBP1fYFTucEu6ky4H+sR3dpbQyvJqQ5LRu73a+mrLk+kA5lwFy1k1a4nwk nSJjnROhMRCryac2URavXZvWOl/Q38N3tLTQ+ymzFxms6iZ1VK0QrR2yc6FRGqdz swMXxE1SpwJBB5zkxZnZK+VKUGcf3qFFldi3vWhPIa49tDj71cbglt4B80gGYROe GPTgSkZV+y5n6GOoj+Dt =ghq0 -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-lts-announce-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: https://lists.debian.org/alpine.DEB.2.02.1412221942370.19...