Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#43044 - [jasper] arbitrary code execution (CVE-2014-9029)
Attached to Project:
Arch Linux
Opened by Remi Gacogne (rgacogne) - Monday, 08 December 2014, 09:46 GMT
Last edited by Eric Belanger (Snowman) - Friday, 19 December 2014, 01:03 GMT
Details
Two heap-based buffer overflows have been found in the jasper library, leading to arbitrary code execution [1] (CVE-2014-9029). I believe we should backport the patch [2] contributed by the Red Hat Security Team, as it does not seem likely that a new version addressing this issue will be released soon.
[1]: https://marc.info/?l=oss-security&m=141770163916268&w=2
[2]: https://bugzilla.redhat.com/attachment.cgi?id=961994&action=diff
Closed by Eric Belanger (Snowman)
Friday, 19 December 2014, 01:03 GMT
Reason for closing: Fixed
Additional comments about closing: jasper-1.900.1-11