Hello community,

here is the log from the commit of package jasper for openSUSE:Factory checked 
in at 2019-06-13 22:36:33
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/jasper (Old)
 and      /work/SRC/openSUSE:Factory/.jasper.new.4811 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "jasper"

Thu Jun 13 22:36:33 2019 rev:44 rq:708034 version:2.0.16

Changes:
--------
--- /work/SRC/openSUSE:Factory/jasper/jasper.changes    2019-03-27 
16:13:44.451631780 +0100
+++ /work/SRC/openSUSE:Factory/.jasper.new.4811/jasper.changes  2019-06-13 
22:36:34.672318311 +0200
@@ -1,0 +2,8 @@
+Thu Jun  6 07:43:02 UTC 2019 - mvet...@suse.com
+
+- bsc#1117508 CVE-2018-19540: Fix heap based overflow in jas_icctxtdesc_input
+  Add jasper-CVE-2018-19540.patch: Make sure asclen is at least 1
+- bsc#1117507 CVE-2018-19541: Fix heap based overread in jas_image_depalettize
+  Add jasper-CVE-2018-19541.patch: Check number of lutents
+
+-------------------------------------------------------------------

New:
----
  jasper-CVE-2018-19540.patch
  jasper-CVE-2018-19541.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ jasper.spec ++++++
--- /var/tmp/diff_new_pack.aNYCVZ/_old  2019-06-13 22:36:36.376317757 +0200
+++ /var/tmp/diff_new_pack.aNYCVZ/_new  2019-06-13 22:36:36.412317745 +0200
@@ -30,6 +30,10 @@
 Patch4:         jasper-CVE-2018-9055.patch
 # https://github.com/mdadams/jasper/pull/200
 Patch6:         jasper-CVE-2018-19542.patch
+# https://github.com/mdadams/jasper/pull/198
+Patch7:         jasper-CVE-2018-19540.patch
+# https://github.com/mdadams/jasper/pull/199
+Patch8:         jasper-CVE-2018-19541.patch
 BuildRequires:  Mesa-libGL-devel
 BuildRequires:  cmake
 BuildRequires:  doxygen
@@ -84,6 +88,8 @@
 %patch1 -p1
 %patch4 -p1
 %patch6 -p1
+%patch7 -p1
+%patch8 -p1
 
 %build
 export CFLAGS="%{optflags} -Wall -std=c99 -D_BSD_SOURCE"

++++++ jasper-CVE-2018-19540.patch ++++++
Index: jasper-version-2.0.16/src/libjasper/base/jas_icc.c
===================================================================
--- jasper-version-2.0.16.orig/src/libjasper/base/jas_icc.c
+++ jasper-version-2.0.16/src/libjasper/base/jas_icc.c
@@ -1104,6 +1104,8 @@ static int jas_icctxtdesc_input(jas_icca
        if (jas_stream_read(in, txtdesc->ascdata, txtdesc->asclen) !=
          JAS_CAST(int, txtdesc->asclen))
                goto error;
+       if (txtdesc->asclen < 1)
+               goto error;
        txtdesc->ascdata[txtdesc->asclen - 1] = '\0';
        if (jas_iccgetuint32(in, &txtdesc->uclangcode) ||
          jas_iccgetuint32(in, &txtdesc->uclen))
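Review bot: The added `asclen < 1` check runs only after `jas_stream_read` has already been called with that length, so a zero length taken from the ICC profile is rejected late, after `txtdesc->ascdata` (allocated above the hunk, not visible here) has been sized and filled using it. Validating at the point where the length is parsed, before the buffer is allocated, would be cleaner: `if (txtdesc->asclen < 1) goto error;`, with a comment such as `/* asclen is file-controlled; 0 would make ascdata[asclen - 1] index before the buffer */`. The read result is compared against `JAS_CAST(int, txtdesc->asclen)`, so it is worth confirming an upper bound too, since a value above INT_MAX presumably does not survive that cast. The function starts and ends outside the hunk.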
++++++ jasper-CVE-2018-19541.patch ++++++
Index: jasper-version-2.0.16/src/libjasper/base/jas_image.c
===================================================================
--- jasper-version-2.0.16.orig/src/libjasper/base/jas_image.c
+++ jasper-version-2.0.16/src/libjasper/base/jas_image.c
@@ -979,6 +979,10 @@ int jas_image_depalettize(jas_image_t *i
        cmptparms.prec = JAS_IMAGE_CDT_GETPREC(dtype);
        cmptparms.sgnd = JAS_IMAGE_CDT_GETSGND(dtype);
 
+       if (numlutents < 1) {
+               return -1;
+       }
+
        if (jas_image_addcmpt(image, newcmptno, &cmptparms)) {
                return -1;
        }
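Review bot: The new `numlutents < 1` guard sits after `cmptparms` has been filled in rather than at the top of `jas_image_depalettize`, and it carries no comment saying which access it protects. The changelog on this page describes the bug as a heap over-read, so the palette lookup presumably happens further down, outside the hunk; rejecting the argument as the first statement of the function would keep validation ahead of any other work. I would add `/* an empty palette leaves no valid index into lutents */` above the check. It is also worth confirming that the code which parses the palette rejects a zero entry count, so that a malformed file fails at decode time and not only here.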
