FS#43155 - [jasper] CVE-2014-8137 CVE-2014-8138: arbitrary code execution / denial of service
Attached to Project:
Arch Linux
Opened by Levente Polyak (anthraxx) - Friday, 19 December 2014, 01:35 GMT
Last edited by Eric Belanger (Snowman) - Friday, 19 December 2014, 03:38 GMT
Details
Hey, sorry that you have to deal with this twice, but I just noticed there are 2 more issues [0] that we should backport to mitigate:

CVE-2014-8137 [1] is a double free with severity low and CVE-2014-8138 [2] is a heap buffer overflow with severity high.

CVE-2014-8137: double-free in jas_iccattrval_destroy()
A double free flaw was found in the way JasPer parsed ICC color profiles in JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. Mitigation through attached patches [3][4].

CVE-2014-8138: heap overflow in jp2_decode()
A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. Mitigation through attached patch [5].

[0] https://marc.info/?l=oss-security&m=141891163026757&w=2
[1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8137
[2] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8138
[3] https://bugzilla.redhat.com/attachment.cgi?id=967283
[4] https://bugzilla.redhat.com/attachment.cgi?id=967284
[5] https://bugzilla.redhat.com/attachment.cgi?id=967280
Closed by Eric Belanger (Snowman)
Friday, 19 December 2014, 03:38 GMT
Reason for closing: Fixed
Additional comments about closing: Thanks.
All fixed in jasper-1.900.1-12
Also I added a filename buffer overflow patch from Debian.
[0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652649
jasper-1.900.1-fix-filename-b... (0.8 KiB)