FS#48511 : [jasper] multiple issues CVE-2016-2089 CVE-2016-2089 CVE-2016-1577

FS#48511 - [jasper] multiple issues CVE-2016-2089 CVE-2016-2089 CVE-2016-1577

Attached to Project: Arch Linux
Opened by Levente Polyak (anthraxx) - Tuesday, 08 March 2016, 19:58 GMT
Last edited by Jan de Groot (JGC) - Wednesday, 04 May 2016, 10:13 GMT

Task Type	Bug Report
Category	Security
Status	Closed
Assigned To	Eric Belanger (Snowman)
Architecture	All
Severity	Critical
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	3 maxspice (maxspice) (2016-04-09) Andrey Vihrov (andreyv) (2016-04-06) Jens Adam (byte) (2016-03-09)
Private	No

Details

Three vulnerabilities have been discovered that need patches to be applied.
I have attached a patch for the PKGBUILD and all three patches for CVE-2016-2089 CVE-2016-2089 CVE-2016-1577.

cheers,
Levente

https://access.redhat.com/security/cve/CVE-2016-2116
https://access.redhat.com/security/cve/CVE-2016-2089
https://access.redhat.com/security/cve/CVE-2016-1577

PKGBUILD.patch (2.2 KiB)

jasper-1.900.1-CVE-2016-1577.... (0.5 KiB)

jasper-1.900.1-CVE-2016-2089.... (2.3 KiB)

jasper-1.900.1-CVE-2016-2116.... (0.4 KiB)

This task depends upon

Closed by Jan de Groot (JGC)
Wednesday, 04 May 2016, 10:13 GMT
Reason for closing: Fixed

Comment by Jens Adam (byte) - Saturday, 12 March 2016, 20:10 GMT

Could you also take a look at ~~FS#46161~~ before patching? There have been issues with one of the last patches.

Comment by Hussam Al-Tayeb (hussam) - Monday, 11 April 2016, 17:50 GMT

Perhaps software should be ported to use the maintained openjpeg implementation for JPEG2000 decoding instead.

	Tasks related to this task (0)

Duplicate tasks of this task (1)
~~FS#48147 - [jasper] CVE-2016-2089~~

Arch Linux

FS#48511 - [jasper] multiple issues CVE-2016-2089 CVE-2016-2089 CVE-2016-1577

Details

Loading...