[ubuntu/precise-security] jasper 1.900.1-13ubuntu0.3 (Accepted)

Tyler Hicks tyhicks at canonical.com
Thu Mar 3 14:02:15 UTC 2016


jasper (1.900.1-13ubuntu0.3) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service or possible code execution via crafted
    ICC color profile (LP: #1547865)
    - debian/patches/09-CVE-2016-1577.patch: Prevent double-free in
      src/libjasper/base/jas_icc.c
    - CVE-2016-1577
  * SECURITY UPDATE: Denial of service via resource exhaustion via crafted ICC
    color profile
    - debian/patches/10-CVE-2016-2116.patch: Prevent memory leak in
      src/libjasper/base/jas_icc.c
    - CVE-2016-2116

Date: 2016-02-26 06:30:22.059875+00:00
Changed-By: Tyler Hicks <tyhicks at canonical.com>
https://launchpad.net/ubuntu/+source/jasper/1.900.1-13ubuntu0.3
-------------- next part --------------
Sorry, changesfile not available.


More information about the Precise-changes mailing list