[ubuntu/xenial-security] jasper 1.900.1-debian1-2.4ubuntu1.3 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Mon Jan 11 12:55:07 UTC 2021
jasper (1.900.1-debian1-2.4ubuntu1.3) xenial-security; urgency=medium
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2018-18873.patch: check components for RGB,
fixes NULL pointer deference in src/libjasper/ras/ras_enc.c.
- CVE-2018-18873
* SECURITY UPDATE: Null pointer dereference
- debian/patches/CVE-2018-19542-and-CVE-2017-9782.patch: fix numchans mixup,
NULL dereference in src/libjasper/jp2/jp2_dec.c.
- CVE-2018-19542
- CVE-2017-9782
* SECURITY UPDATE: Out of bounds write
- debian/patches/CVE-2020-27828.patch: avoid maxrlvls more
than upper bound to cause heap-buffer-overflow in
src/libjasper/jpc/jpc_enc.c.
- CVE-2020-27828
Date: 2021-01-08 15:25:09.422167+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/jasper/1.900.1-debian1-2.4ubuntu1.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list