[ubuntu/xenial-updates] jasper 1.900.1-debian1-2.4ubuntu1.3 (Accepted)

[Ubuntu Archive Robot]

jasper (1.900.1-debian1-2.4ubuntu1.3) xenial-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2018-18873.patch: check components for RGB,
      fixes NULL pointer deference in src/libjasper/ras/ras_enc.c.
    - CVE-2018-18873
  * SECURITY UPDATE: Null pointer dereference
    - debian/patches/CVE-2018-19542-and-CVE-2017-9782.patch: fix numchans mixup,
      NULL dereference in src/libjasper/jp2/jp2_dec.c.
    - CVE-2018-19542
    - CVE-2017-9782
  * SECURITY UPDATE: Out of bounds write
    - debian/patches/CVE-2020-27828.patch: avoid maxrlvls more
      than upper bound to cause heap-buffer-overflow in
      src/libjasper/jpc/jpc_enc.c.
    - CVE-2020-27828

Date: 2021-01-08 15:25:09.422167+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/jasper/1.900.1-debian1-2.4ubuntu1.3
-------------- next part --------------
Sorry, changesfile not available.