FS#48511 - [jasper] multiple issues CVE-2016-2089 CVE-2016-2089 CVE-2016-1577

Attached to Project: Arch Linux
Opened by Levente Polyak (anthraxx) - Tuesday, 08 March 2016, 19:58 GMT
Last edited by Jan de Groot (JGC) - Wednesday, 04 May 2016, 10:13 GMT
Task Type Bug Report
Category Security
Status Closed
Assigned To Eric Belanger (Snowman)
Architecture All
Severity Critical
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 3
Private No


Three vulnerabilities have been discovered that need patches to be applied.
I have attached a patch for the PKGBUILD and all three patches for CVE-2016-2089 CVE-2016-2089 CVE-2016-1577.


This task depends upon

Closed by  Jan de Groot (JGC)
Wednesday, 04 May 2016, 10:13 GMT
Reason for closing:  Fixed
Comment by Jens Adam (byte) - Saturday, 12 March 2016, 20:10 GMT
Could you also take a look at  FS#46161  before patching? There have been issues with one of the last patches.
Comment by Hussam Al-Tayeb (hussam) - Monday, 11 April 2016, 17:50 GMT
Perhaps software should be ported to use the maintained openjpeg implementation for JPEG2000 decoding instead.