jasper has a number of unfixed CVEs: CVE-2016-1867 CVE-2015-5221 CVE-2015-5203
all of which were marked <no-dsa> for wheezy and jessie. I understand this for CVE-2016-1867 as that's only an out-of-bounds read, but the other two are double-frees that I would expect to be usable for code execution. Am I missing something?

Ben.

--
Ben Hutchings
Theory and practice are closer in theory than in practice.
- John Levine, moderator of comp.compilers