Your message dated Tue, 08 Mar 2016 21:47:09 +0000 with message-id <e1adptb-0000f1...@franck.debian.org> and subject line Bug#816625: fixed in jasper 1.900.1-debian1-2.4+deb8u1 has caused the Debian Bug report #816625, regarding jasper: CVE-2016-1577: double free vulnerability in the jas_iccattrval_destroy function to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 816625: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816625 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: jasper Version: 1.900.1-7 Severity: grave Tags: security upstream Hi, the following vulnerability was published for jasper. CVE-2016-1577[0]: double free vulnerability in the jas_iccattrval_destroy function If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-1577 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: jasper Source-Version: 1.900.1-debian1-2.4+deb8u1 We believe that the bug you reported is fixed in the latest version of jasper, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 816...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated jasper package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 06 Mar 2016 14:49:44 +0100 Source: jasper Binary: libjasper1 libjasper-dev libjasper-runtime Architecture: source Version: 1.900.1-debian1-2.4+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Roland Stigge <sti...@antcom.de> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 812978 816625 816626 Description: libjasper-dev - Development files for the JasPer JPEG-2000 library libjasper-runtime - Programs for manipulating JPEG-2000 files libjasper1 - JasPer JPEG-2000 runtime library Changes: jasper (1.900.1-debian1-2.4+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2016-1577: Prevent double-free in jas_iccattrval_destroy() (Closes: #816625) * CVE-2016-2089: matrix rows_ NULL pointer dereference in jas_matrix_clip() (Closes: #812978) * CVE-2016-2116: Prevent jas_stream_t memory leak in jas_iccprof_createfrombuf() (Closes: #816626) Checksums-Sha1: 3e5ce30f9c10320f62b00fc6fe723d81afb883a8 1955 jasper_1.900.1-debian1-2.4+deb8u1.dsc 3b49b1c9ea30c969f608c52e62bf2b743a9769e1 1140771 jasper_1.900.1-debian1.orig.tar.gz c600341ea2cb5be9ee8665bfaf7b3a9df2555f7f 30260 jasper_1.900.1-debian1-2.4+deb8u1.debian.tar.xz Checksums-Sha256: 52e8e9c7164dad5d3e4f68ae14322b4602255eb7a02af347f97a9592d449c685 1955 jasper_1.900.1-debian1-2.4+deb8u1.dsc 7276e8407080d8263b39aeac8305032b0534c7df25bf02718b3944711e3c81d7 1140771 jasper_1.900.1-debian1.orig.tar.gz 995382b8f98a4226c0555a99a7fef938ef5ab04f646c400485cac07ddc53beb6 30260 jasper_1.900.1-debian1-2.4+deb8u1.debian.tar.xz Files: 26447f2a9ef85e3892fade8d66f84ff8 1955 graphics optional jasper_1.900.1-debian1-2.4+deb8u1.dsc d6aa5f1638d703cb03beb996b713ec6c 1140771 graphics optional jasper_1.900.1-debian1.orig.tar.gz ca96ce1cb3b096cbf4dd69c101127b21 30260 graphics optional jasper_1.900.1-debian1-2.4+deb8u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJW3DkvAAoJEAVMuPMTQ89Eu1MP/Anx2AT9qP+ZWI37kQd4TwpB urxKjSRMBAJ3ND9JrVPOM2kJ0yvTE91/nlhdK4a+0h8QCh2v398/COqToiYibH+8 W9CeeHXuEU7kDAivKJlt8S2Xl35ku4+nTFCCXtAeQvmcNxoHRpJLF/VgAmdEPpgg jn0B103gbi/OB9oS9nZNMupY0Uq1vsHL6QBf2fTwYXdUM3r6dnTyU8TUWCx8lrDC NIzeY8qv6t0g5zfcJhmgDwUunI1oFTlfBqRNKNkcr+weNCkhW1B8Kr9o0F/qDL/r wFCxasaEEKZIau7KbxNVmm+Ppj8Y0jyi7OgnbDD+l/5g1TxDKR87P+GVOvnzMMEn jBqFA9dNeXxbPdVxlYvqVXh9Aw8lkLIxlEtiFamcsRiKdNLkxrvRHWbjawSp6hqM mI3X9rDCsy/dPyUfMDMp2pq6SevAqBzkl2hRqftyJfLG+VFQBNz4yE9g++yczIp/ jP207ME9c94HT/W7NS3Uu1tza2PjOf7PdbmF2k8rq17h2tip5qWu6w2VcRk9G6g1 y/VQ8pi6xkI3pSLO7StGtZK3YJLfdP6Og3QNJiHIlEkc6uHcyPeE6aZNKnc2J7bX qlNFt0QDj3GY5ulCw6KvwCf2mQfYGqn1TOl4PcKAHqIEygDojZRWIC8ZkEPAsgz7 68n8+2ps2fqZOeB6rM2P =+NQV -----END PGP SIGNATURE-----
--- End Message ---
