From ${URL} :

#2014-009 JasPer input sanitization errors

Description:
The JasPer project is an open source implementation for the JPEG-2000 codec. The library is affected by two heap-based buffer overflows which can lead to arbitrary code execution. The vulnerability is present in functions jpc_dec_cp_setfromcox() and jpc_dec_cp_setfromrgn(). A specially crafted jp2 file can be used to trigger the overflows.

Affected version: JasPer <= 1.900.1
Fixed version: JasPer, N/A
Credit: vulnerability report received from the Google Security Team.
CVE: CVE-2014-9029

Timeline:
2014-11-19: vulnerability report received
2014-11-20: contacted affected vendors
2014-11-21: assigned CVE
2014-11-27: patch contributed by Tomas Hoger from Red Hat Product Security
2014-12-04: advisory release

References:
http://www.ece.uvic.ca/~frodo/jasper
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-9029

Permalink: http://www.ocert.org/advisories/ocert-2014-009.html

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
+*jasper-1.900.1-r7 (05 Dec 2014) + + 05 Dec 2014; Justin Lecher <jlec@gentoo.org> +jasper-1.900.1-r7.ebuild, + +files/jasper-1.701.0-GL.patch, +files/jasper-1.701.0-GL-ac.patch, + +files/jasper-CVE-2014-9029.patch, +files/jasper-pkgconfig.patch: + Import security fix from fedora for CVE-2014-9029, #531688 +
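Review bot: The entry's message accounts only for the CVE-2014-9029 fix, while its file list also marks files/jasper-1.701.0-GL.patch, files/jasper-1.701.0-GL-ac.patch and files/jasper-pkgconfig.patch as added. Say in the entry why those three patches are added in this revision, so that someone auditing the security bump can tell the imported fix apart from unrelated changes.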
@arches, please stable.
Stable for HPPA.
Oh, you forgot (again):

Arch teams, please test and mark stable:
=media-libs/jasper-1.900.1-r7
Targeted stable KEYWORDS : alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
amd64 stable
x86 stable
ppc stable
ia64 stable
alpha stable
arm stable
ppc64 stable
sparc stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
+ 26 Dec 2014; Justin Lecher <jlec@gentoo.org> -jasper-1.900.1-r6.ebuild: + Drop vulnerable version + Tree is clean now.
CVE-2014-9029 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9029): Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.
This issue was resolved and addressed in GLSA 201503-01 at http://security.gentoo.org/glsa/glsa-201503-01.xml by GLSA coordinator Mikle Kolyada (Zlogene).