Bug#649833: marked as done (jasper: buffer overflow in jas_stream.h when used with mkstemp)

Debian Bug Tracking System Sun, 27 Nov 2011 13:19:17 -0800

Your message dated Sun, 27 Nov 2011 21:14:47 +0000
with message-id <[email protected]>
and subject line Bug#649833: fixed in jasper 1.900.1-12
has caused the Debian Bug report #649833,
regarding jasper: buffer overflow in jas_stream.h when used with mkstemp
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
649833: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649833
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Source: jasper
Severity: important
Tags: security patch

Ghostscript recently patched its convenience copy of Jasper.

Hereby passed on, in case the bug was not tied to other patching of the
Jasper code in the Ghostscript project.

More info and patch is at the Ghostscript bug tracker:
http://bugs.ghostscript.com/show_bug.cgi?id=692574


Regards,

 - Jonas

--- End Message ---

--- Begin Message ---

Source: jasper
Source-Version: 1.900.1-12

We believe that the bug you reported is fixed in the latest version of
jasper, which is due to be installed in the Debian FTP archive:

jasper_1.900.1-12.debian.tar.gz
  to main/j/jasper/jasper_1.900.1-12.debian.tar.gz
jasper_1.900.1-12.dsc
  to main/j/jasper/jasper_1.900.1-12.dsc
libjasper-dev_1.900.1-12_i386.deb
  to main/j/jasper/libjasper-dev_1.900.1-12_i386.deb
libjasper-runtime_1.900.1-12_i386.deb
  to main/j/jasper/libjasper-runtime_1.900.1-12_i386.deb
libjasper1_1.900.1-12_i386.deb
  to main/j/jasper/libjasper1_1.900.1-12_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roland Stigge <[email protected]> (supplier of updated jasper package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 27 Nov 2011 19:56:01 +0100
Source: jasper
Binary: libjasper1 libjasper-dev libjasper-runtime
Architecture: source i386
Version: 1.900.1-12
Distribution: unstable
Urgency: low
Maintainer: Roland Stigge <[email protected]>
Changed-By: Roland Stigge <[email protected]>
Description: 
 libjasper-dev - Development files for the JasPer JPEG-2000 library
 libjasper-runtime - Programs for manipulating JPEG-2000 files
 libjasper1 - JasPer JPEG-2000 runtime library
Closes: 649833
Changes: 
 jasper (1.900.1-12) unstable; urgency=low
 .
   * Added patch to fix filename buffer overflow, thanks to Jonas Smedegard
     and Alex Cherepanov from ghostscript (Closes: #649833)
Checksums-Sha1: 
 afc269d387b950e97568c7ddc19acb2e10acdbf8 1219 jasper_1.900.1-12.dsc
 e1e9d80573fc86e56c054451dd70f16720716405 30851 jasper_1.900.1-12.debian.tar.gz
 a4ce7c38070e8de6f3634d75b7d66db9ea79a1e7 158874 libjasper1_1.900.1-12_i386.deb
 c7f1ef6b423c25994d29a2b0c00c3fba40777a50 564656 
libjasper-dev_1.900.1-12_i386.deb
 9e81f1ce014d5917e33ba0afd7008b9c34f76b50 25394 
libjasper-runtime_1.900.1-12_i386.deb
Checksums-Sha256: 
 bb01e69af9b68c4ec74520f4fc3187516ffe302bf48462716bb392034edc888c 1219 
jasper_1.900.1-12.dsc
 f5e919fb1ba7432b392b3a1ec0cb21453acc11699ccdd14b5649212f9e898189 30851 
jasper_1.900.1-12.debian.tar.gz
 4fe27dbd0afa8b8e2fe84781a49739f33b4e2dd3e879041487dcefcc6741c2f4 158874 
libjasper1_1.900.1-12_i386.deb
 094fb9d17982e165c5fa4d9fa74f2ceed43e104bbdbc18c75bddc15f443b3746 564656 
libjasper-dev_1.900.1-12_i386.deb
 0c16c747b145761daa6b5aca3cc3c36940767b18d914f65598c09510cd0b8fb3 25394 
libjasper-runtime_1.900.1-12_i386.deb
Files: 
 c18bdffd1445ca6c13f74c9a7be1854d 1219 graphics optional jasper_1.900.1-12.dsc
 9ecc6e1a361848088644e10207a0da05 30851 graphics optional 
jasper_1.900.1-12.debian.tar.gz
 dec50ba2ed7b51cceae6fc23f37d1447 158874 libs optional 
libjasper1_1.900.1-12_i386.deb
 cd3cbe80e0ff5f1cb14ca916c3b301cb 564656 libdevel optional 
libjasper-dev_1.900.1-12_i386.deb
 1e0b85cd762223239d13f0fe3eb0810c 25394 graphics optional 
libjasper-runtime_1.900.1-12_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFO0or0caH/YBv43g8RAtHqAJ9lT7HtpMwAR7afQcgrQUKRcwY03wCgrxvj
wlEgpKZMEwkzap7ewAMeoYI=
=lGbQ
-----END PGP SIGNATURE-----

--- End Message ---

Bug#649833: marked as done (jasper: buffer overflow in jas_stream.h when used with mkstemp)

Reply via email to