Changelog for libjasper-devel-2.0.14-4.11.68.i586.rpm:
* Wed Aug 26 2020 Michael Vetter
- bsc#1010979 CVE-2016-9398: Use new fix from upstream where we actually check for allowed value range instead of just negating
  Add jasper-CVE-2016-9398-upstream.patch
* Mon Aug 17 2020 Michael Vetter
- bsc#1120807 CVE-2018-20570: Fix heap based buffer over-read in jp2_encode
  Add jasper-CVE-2018-20570.patch
- bsc#1120805 CVE-2018-20622: Fix memory leak in jas_malloc.c
  Add jasper-CVE-2018-20622.patch
- bsc#1117328 CVE-2018-19543, bsc#1045450 CVE-2017-9782: Fix numchans mixup
  Add jasper-CVE-2018-19543-CVE-2017-9782.patch
- bsc#1115637 CVE-2018-19139: Fix mem leaks by registering jpc_unk_destroyparms
  Add jasper-CVE-2018-19139.patch
- bsc#1114498 CVE-2018-18873: Fix null pointer deref in ras_putdatastd
  Add jasper-CVE-2018-18873.patch
- bsc#1088278 CVE-2018-9252: Fix reachable assertion in jpc_abstorelstepsize
  Add jasper-CVE-2018-9252.patch
- bsc#1057152 CVE-2017-14132: Fix heap base overflow in by checking components
  Add jasper-CVE-2017-14132.patch
* Thu Aug 13 2020 Michael Vetter
- bsc#1010980 CVE-2016-9399: Fix assert in calcstepsizes
  Add jasper-CVE-2016-9399.patch
- bsc#1020451 CVE-2017-5499: Validate component depth bit
  Add jasper-CVE-2017-5499.patch
- bsc#1020456 CVE-2017-5503, bsc#1020458 CVE-2017-5504, bsc#1020460 CVE-2017-5505: Check bounds in jas_seq2d_bindsub()
  Add jasper-CVE-2017-5503-CVE-2017-5504-CVE-2017-5505.patch
* Tue Mar 17 2020 Michael Vetter
- bsc#1092115 CVE-2018-9154: Fix possible denial of service
  Add jasper-CVE-2018-9154.patch: don't abort in jpc_dec_process_sot()
* Mon Sep 30 2019 Adam Majer
- jasper-CVE-2018-19541.patch: verify color palette information in j2 files when it's read from the file as per specifications of JPEG2000. (bsc#1117507)
* Thu Jun 06 2019 mvetter@suse.com
- bsc#1117508 CVE-2018-19540: Fix heap based overflow in jas_icctxtdesc_input
  Add jasper-CVE-2018-19540.patch: Make sure asclen is at least 1
- bsc#1117507 CVE-2018-19541: Fix heap based overread in jas_image_depalettize
  Add jasper-CVE-2018-19541.patch: Check number of lutents
* Fri Mar 29 2019 mvetter@suse.com
- bsc#1117505 CVE-2018-19542 Fix NULL pointer dereference jp2_decode:
  Add jasper-CVE-2018-19542.patch
- bsc#1010783 CVE-2016-9396 Fix reachable assertion in jpc_cox_getcompparms:
  * Rename 0001-jpc_cs-reject-all-but-JPC_COX_INS-and-JPC_COX_RFT.patch to jasper-CVE-2016-9396.patch
* Tue Mar 12 2019 mvetter@suse.com
- bsc#1117511 CVE-2018-19539 Fix access violation in jas_image_readcmpt:
  * Add jasper-CVE-2018-19539.patch
* Thu Mar 29 2018 fstrba@suse.com
- Added patch:
  * jasper-CVE-2018-9055.patch
    + fix CVE-2018-9055, bsc#1087020: jasper: denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c.
* Thu Mar 29 2018 fstrba@suse.com
- Upgrade to 2.0.14
  * Soname and package name change libjasper1 to libjasper4
  * Security fixes:
    + CVE-2016-9557 jasper: Signed integer overflow in jas_image.c
- Removed patches:
  * jasper-1.900.1-uninitialized.patch
    + not needed any more
  * jasper-CVE-2016-10251.patch
  * jasper-CVE-2016-8654.patch
  * jasper-CVE-2016-9262.patch
  * jasper-CVE-2016-9395.patch
  * jasper-CVE-2016-9560.patch
  * jasper-CVE-2016-9583.patch
  * jasper-CVE-2016-9591.patch
  * jasper-CVE-2016-9600.patch
  * jasper-CVE-2017-1000050.patch
  * jasper-CVE-2017-5498.patch
  * jasper-CVE-2017-6850.patch
    + Fixed upstream
- Added patches:
  * 0001-jpc_cs-reject-all-but-JPC_COX_INS-and-JPC_COX_RFT.patch
    + fix assertion failure JPC_NOMINALGAIN() which can be caused by a crafted JP2 file.
  * 0001-Added-a-fix-from-nrusch-to-allow-JasPer-to-be-build-.patch
    + allow JasPer to be built with CMake 2.x as well as CMake 3.x.