[ubuntu/xenial-proposed] jasper 1.900.1-debian1-2.4ubuntu1 (Accepted)

Tyler Hicks tyhicks at canonical.com
Thu Mar 3 14:48:15 UTC 2016


jasper (1.900.1-debian1-2.4ubuntu1) xenial; urgency=medium

  * SECURITY UPDATE: Denial of service or possible code execution via crafted
    ICC color profile (LP: #1547865)
    - debian/patches/09-CVE-2016-1577.patch: Prevent double-free in
      src/libjasper/base/jas_icc.c
    - CVE-2016-1577
  * SECURITY UPDATE: Denial of service via resource exhaustion via crafted ICC
    color profile
    - debian/patches/10-CVE-2016-2116.patch: Prevent memory leak in
      src/libjasper/base/jas_icc.c
    - CVE-2016-2116

Date: Wed, 02 Mar 2016 15:30:54 -0600
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/jasper/1.900.1-debian1-2.4ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 02 Mar 2016 15:30:54 -0600
Source: jasper
Binary: libjasper1 libjasper-dev libjasper-runtime
Architecture: source
Version: 1.900.1-debian1-2.4ubuntu1
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Description:
 libjasper-dev - Development files for the JasPer JPEG-2000 library
 libjasper-runtime - Programs for manipulating JPEG-2000 files
 libjasper1 - JasPer JPEG-2000 runtime library
Launchpad-Bugs-Fixed: 1547865
Changes:
 jasper (1.900.1-debian1-2.4ubuntu1) xenial; urgency=medium
 .
   * SECURITY UPDATE: Denial of service or possible code execution via crafted
     ICC color profile (LP: #1547865)
     - debian/patches/09-CVE-2016-1577.patch: Prevent double-free in
       src/libjasper/base/jas_icc.c
     - CVE-2016-1577
   * SECURITY UPDATE: Denial of service via resource exhaustion via crafted ICC
     color profile
     - debian/patches/10-CVE-2016-2116.patch: Prevent memory leak in
       src/libjasper/base/jas_icc.c
     - CVE-2016-2116
Checksums-Sha1:
 f7b57ab06e9a723f3fc1f2a447ea237fdbfa0b71 2034 jasper_1.900.1-debian1-2.4ubuntu1.dsc
 413f5675280aba22a73fdd0f6e37eb10769542e7 29996 jasper_1.900.1-debian1-2.4ubuntu1.debian.tar.xz
Checksums-Sha256:
 4643e2851342968cb9d1778b1fc1d8264a9c82f49afa572609f6c35430e565ce 2034 jasper_1.900.1-debian1-2.4ubuntu1.dsc
 081a729d3dda746486e13cb18337972a154d896aa77d10c6c0e05680a917e66f 29996 jasper_1.900.1-debian1-2.4ubuntu1.debian.tar.xz
Files:
 37d5e59ba18b515b60b00b58415aa97c 2034 graphics optional jasper_1.900.1-debian1-2.4ubuntu1.dsc
 0f7b6fd364c1014c0c9f7791fe9f7635 29996 graphics optional jasper_1.900.1-debian1-2.4ubuntu1.debian.tar.xz
Original-Maintainer: Roland Stigge <stigge at antcom.de>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

