SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libjasper-devel-1.900.14-3.2.x86_64.rpm :

* Tue Oct 01 2024 Manfred Schwarb - fix build for rpm >= 4.20: do not use %patchN- adjust patch0 so it can be applied with \"diff -p1\"- spec file cleanup
* Thu Mar 29 2018 fstrbaAATTsuse.com- Added patch:
* jasper-CVE-2018-9055.patch + fix CVE-2018-9055, bsc#1087020: jasper: denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c.
* Wed Jul 12 2017 fstrbaAATTsuse.com- Other bugs fixed by existing patches:
* jasper-CVE-2016-9395.patch - bsc#1010756, CVE-2016-9394: assertion in jas_matrix_t
* jas_seq2d_create(int, int, int, int): Assertion `xstart <= xend && ystart <= yend\' - bsc#1010757, CVE-2016-9392: pc_dec.c:1637: void calcstepsizes(uint_fast16_t, int, uint_fast16_t
*): Assertion `!((expn + (numrlvls - 1) - (numrlvls - 1 - ((bandno > 0) ? ((bandno + 2) / 3) : (0)))) & (~0x1f))\' failed. - bsc#1010766, CVE-2016-9393: jpc_t2cod.c:297: int jpc_pi_nextrpcl(jpc_pi_t
*): Assertion `pi->prcno pirlvl->numprcs\' failed. - bsc#1010977, CVE-2016-9395: jas_seq.c:90: jas_matrix_t
* jas_seq2d_create(int, int, int, int): Assertion `xstart <= xend && ystart <= yend\' failed.- Other bugs fixed in current version:
* bsc#1010774, CVE-2016-9390: jas_seq.c:90: jas_matrix_t
* jas_seq2d_create(int, int, int, int): Assertion `xstart <= xend && ystart <= yend\' failed.
* bsc#1010782, CVE-2016-9391: jpc_bs.c:197: long jpc_bitstream_getbits(jpc_bitstream_t
*, int): Assertion `n >= 0 && n < 32\' failed.
* bsc#1010968, CVE-2016-9389: Assertion `((c1)->numcols_) == numcols && ((c2)->numcols_) == numcols\' failed.
* bsc#1010975, CVE-2016-9388: ras_dec.c:330: int ras_getcmap(jas_stream_t
*, ras_hdr_t
*, ras_cmap_t
*): Assertion `numcolors <= 256\' failed.
* Tue Jul 11 2017 fstrbaAATTsuse.com- Added patch:
* jasper-CVE-2016-9262.patch + Fix for Multiple overflow vulnerabilities leading to use after free (bsc#1009994, CVE-2016-9262)
* Tue Jul 11 2017 fstrbaAATTsuse.com- Added patch:
* jasper-CVE-2017-1000050.patch + Upstream fix for NULL Pointer Dereference jp2_encode (bsc#1047958, CVE-2017-1000050)
* Thu Mar 30 2017 fstrbaAATTsuse.com- Modified patch:
* jasper-CVE-2016-9583.patch + integrate upstream change 99a50593254d1b53002719bbecfc946c84b23d27, which fixed a null pointer dereferencing crash.
* Wed Mar 22 2017 fstrbaAATTsuse.com- Added patches:
* jasper-CVE-2016-9583.patch - Out of bounds heap read in jpc_pi_nextpcrl() (bsc#1015400, CVE-2016-9583)
* jasper-CVE-2017-6850.patch - NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c) (bsc#1021868, CVE-2017-6850)
* Fri Mar 17 2017 fstrbaAATTsuse.com- Added patches:
* jasper-CVE-2017-5498.patch - Upstream changes putting braces and belts around CVE-2017-5498, bsc#1020353, left-shift undefined behaviour
* jasper-CVE-2016-9600.patch - Upstream fix for \"Null Pointer Dereference due to missing check for UNKNOWN color space in JP2 encoder\" (CVE-2016-9600, bsc#1018088)
* Thu Mar 16 2017 fstrbaAATTsuse.com- Added patch:
* jasper-CVE-2016-10251.patch - Upstream fix for bsc#1029497, CVE-2016-10251: Use of uninitialized value in jpc_pi_nextcprl (jpc_t2cod.c)
* Mon Mar 06 2017 sbrabecAATTsuse.com- Add -D_BSD_SOURCE to fix redefinition of system types in jas_config.h and breakage in ppc64le, s390 and s390x (bsc#1028070).
  
ICM