-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : jasper Version : 1.900.1-13+deb7u5 CVE ID : CVE-2016-8654 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 CVE-2016-8882 CVE-2016-8883 CVE-2016-8887 CVE-2016-9560 TEMP-CVE
CVE-2016-8691 FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c CVE-2016-8692 FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c CVE-2016-8693 attempting double-free ... mem_close ... jas_stream.c CVE-2016-8882 segfault / null pointer access in jpc_pi_destroy CVE-2016-9560 stack-based buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c) CVE-2016-8887 part 1 + 2 NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) CVE-2016-8654 Heap-based buffer overflow in QMFB code in JPC codec CVE-2016-8883 assert in jpc_dec_tiledecode() TEMP-CVE heap-based buffer overflow in jpc_dec_tiledecode (jpc_dec.c) For Debian 7 "Wheezy", these problems have been fixed in version 1.900.1-13+deb7u5. We recommend that you upgrade your jasper packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQJ8BAEBCgBmBQJYTDiNXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5 NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHBqkQAI8Npfpzr+9iQ4EAthd41sm2 VFePWaaxrICN3ZJItxeuH0LDhk0lPZtaa+61qk5rfoAMUDzKQ+izJ9L4Ly2uCpf4 0JXo10A+6gG1vfxYWuEoY3CHIQaLC1zqnNjjQXjHHOdT+SMyM2xst/phDGpawwd+ XZOvnQGb84k0+xe8jXNr3hprQqjc9oSrzXNZ5+Mf9hGaRXxSzoXuUG+k63VUJb/C r0sfpnNyThPSHtmnPwBtDPf0tcVpyR/fX7M71eFpRKeLIyUAXT2QYROPHKi8pUS2 xT8mziB/svtR6tbCP4nlYC0zQ03iRM202CP77uUN42h8y+th7KgDPlIlCMyO60X8 nE+eJX6Mkjc699e+umCyp+N1BKLDTm+8ImvtmnEL4DN0U1Qs3IZUwQvT0PQMjEni BjTEwrmF/KE+6BWu4FgCMMR5vk76bGPC3FtNGN2utRJpYHlun3J8koP7EburtDas buz1/rTChIiWR6XmkocUF98ks+cskeOB6O2kDFBa1ZEKyqT/QP7PaG9Kq1phH82B jUSWWiVOliXbthTojHzwUcTHx10k6keuW0Vg6USAPDKEzG37Gg3nUk6aX6y4dbAs jOgOQC9ZeZoU/HBdqxjbA12clhp6OZ0hisl/N+SIk1kB1F7DDQrnLyAWiX371CHK zMrnJGbdBD2RVuweL/K+ =7N7K -----END PGP SIGNATURE-----