SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for jasper-2.0.14-12.1.x86_64.rpm :

* Sat Oct 12 2024 Yasuhiko Kamata - Use %patch -P N instead of deprecated %patchN (for RPM version 4.20).
* Mon Sep 30 2019 Adam Majer - jasper-CVE-2018-19541.patch: verify color palette information in j2 files when it\'s read from the file as per specifications of JPEG2000. (bsc#1117507)
* Thu Jun 06 2019 mvetterAATTsuse.com- bsc#1117508 CVE-2018-19540: Fix heap based overflow in jas_icctxtdesc_input Add jasper-CVE-2018-19540.patch: Make sure asclen is at least 1- bsc#1117507 CVE-2018-19541: Fix heap based overread in jas_image_depalettize Add jasper-CVE-2018-19541.patch: Check number of lutents
* Fri Mar 29 2019 mvetterAATTsuse.com- bsc#1117505 CVE-2018-19542 Fix NULL pointer dereference jp2_decode: Add jasper-CVE-2018-19542.patch- bsc#1010783 CVE-2016-9396 Fix reachable assertion in jpc_cox_getcompparms:
* Rename 0001-jpc_cs-reject-all-but-JPC_COX_INS-and-JPC_COX_RFT.patch to jasper-CVE-2016-9396.patch
* Tue Mar 12 2019 mvetterAATTsuse.com- bsc#1117511 CVE-2018-19539 Fix access violation in jas_image_readcmpt:
* Add jasper-CVE-2018-19539.patch
* Thu Mar 29 2018 fstrbaAATTsuse.com- Added patch:
* jasper-CVE-2018-9055.patch + fix CVE-2018-9055, bsc#1087020: jasper: denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c.
* Thu Mar 29 2018 fstrbaAATTsuse.com- Upgrade to 2.0.14
* Soname and package name change libjasper1 to libjasper4
* Security fixes: + CVE-2016-9557 jasper: Signed integer overflow in jas_image.c- Removed patches:
* jasper-1.900.1-uninitialized.patch + not needed any more
* jasper-CVE-2016-10251.patch
* jasper-CVE-2016-8654.patch
* jasper-CVE-2016-9262.patch
* jasper-CVE-2016-9395.patch
* jasper-CVE-2016-9560.patch
* jasper-CVE-2016-9583.patch
* jasper-CVE-2016-9591.patch
* jasper-CVE-2016-9600.patch
* jasper-CVE-2017-1000050.patch
* jasper-CVE-2017-5498.patch
* jasper-CVE-2017-6850.patch + Fixed upstream- Added patches:
* 0001-jpc_cs-reject-all-but-JPC_COX_INS-and-JPC_COX_RFT.patch + fix assertion failure JPC_NOMINALGAIN() which can be caused by a crafted JP2 file.
* 0001-Added-a-fix-from-nrusch-to-allow-JasPer-to-be-build-.patch + allow JasPer to be build with CMake 2.x as well as CMake 3.x.
* Wed Jul 12 2017 fstrbaAATTsuse.com- Other bugs fixed by existing patches:
* jasper-CVE-2016-9395.patch - bsc#1010756, CVE-2016-9394: assertion in jas_matrix_t
* jas_seq2d_create(int, int, int, int): Assertion `xstart <= xend && ystart <= yend\' - bsc#1010757, CVE-2016-9392: pc_dec.c:1637: void calcstepsizes(uint_fast16_t, int, uint_fast16_t
*): Assertion `!((expn + (numrlvls - 1) - (numrlvls - 1 - ((bandno > 0) ? ((bandno + 2) / 3) : (0)))) & (~0x1f))\' failed. - bsc#1010766, CVE-2016-9393: jpc_t2cod.c:297: int jpc_pi_nextrpcl(jpc_pi_t
*): Assertion `pi->prcno pirlvl->numprcs\' failed. - bsc#1010977, CVE-2016-9395: jas_seq.c:90: jas_matrix_t
* jas_seq2d_create(int, int, int, int): Assertion `xstart <= xend && ystart <= yend\' failed.- Other bugs fixed in current version:
* bsc#1010774, CVE-2016-9390: jas_seq.c:90: jas_matrix_t
* jas_seq2d_create(int, int, int, int): Assertion `xstart <= xend && ystart <= yend\' failed.
* bsc#1010782, CVE-2016-9391: jpc_bs.c:197: long jpc_bitstream_getbits(jpc_bitstream_t
*, int): Assertion `n >= 0 && n < 32\' failed.
* bsc#1010968, CVE-2016-9389: Assertion `((c1)->numcols_) == numcols && ((c2)->numcols_) == numcols\' failed.
* bsc#1010975, CVE-2016-9388: ras_dec.c:330: int ras_getcmap(jas_stream_t
*, ras_hdr_t
*, ras_cmap_t
*): Assertion `numcolors <= 256\' failed.
* bsc#1010960, CVE-2016-9387: jas_seq.c:90: jas_matrix<= yend\' failed.
* Tue Jul 11 2017 fstrbaAATTsuse.com- Added patch:
* jasper-CVE-2016-9262.patch + Fix for Multiple overflow vulnerabilities leading to use after free (bsc#1009994, CVE-2016-9262)
* Tue Jul 11 2017 fstrbaAATTsuse.com- Added patch:
* jasper-CVE-2017-1000050.patch + Upstream fix for NULL Pointer Dereference jp2_encode (bsc#1047958, CVE-2017-1000050)
  
ICM