-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : jasper Version : 1.900.1-7+squeeze3 CVE ID : CVE-2014-8137 CVE-2014-8138
Jose Duart of the Google Security Team discovered a double free flaw (CVE-2014-8137) and a heap-based buffer overflow flaw (CVE-2014-8138) in JasPer, a library for manipulating JPEG-2000 files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQJ8BAEBCgBmBQJUmGZrXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5 NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHCWMQAIm/QK9s83noPonAyW3zGpGW DSRD+tJi7NDFRyW5Pc7TEDpwB1Ak5wwI6ck8xSYZ0GqLKNZ1FOG/PCNbk+fPgp9Z pscBjE/m077YktGZbwjOtVn2UG9Dij9gnj48NlGTU0yVEO4/mruqBCifDkT+/IUR FsJxHYofJFiak67H85hNXCcrsaFfu+ojhgAUiZQZowalepbtiRc+5g4xqkVXDJmU YbeJxRaMn/UgiX7MdE/bOlXTzHrEZjQRdnv2cygPfolBhHrGuFgF1lLX5LszQejk ptn6UbpnpVHO6GsQ8RzMvQQl0wrJOfJu0JD23RQvhw521452eqr8SVHluJATcfTp jfAUqmdoQRTHCv1hFEMM0UGGgk3P5dXx9+YfeOHDHSE3FEmcvylBZllW4sSM7JnH /XMKi9jQ/G0LNXsKUe/EzTm0cxD3GjzFMO8BSCr3fs/hhcuMse4A3I5bw6z4p6H0 /hfAipMBP1fYFTucEu6ky4H+sR3dpbQyvJqQ5LRu73a+mrLk+kA5lwFy1k1a4nwk nSJjnROhMRCryac2URavXZvWOl/Q38N3tLTQ+ymzFxms6iZ1VK0QrR2yc6FRGqdz swMXxE1SpwJBB5zkxZnZK+VKUGcf3qFFldi3vWhPIa49tDj71cbglt4B80gGYROe GPTgSkZV+y5n6GOoj+Dt =ghq0 -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
