Summary: | <media-libs/jasper-1.900.26: use after free in jas_realloc (jas_malloc.c) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | sci |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://blogs.gentoo.org/ago/2016/11/07/jasper-use-after-free-in-jas_realloc-jas_malloc-c/ | ||
Whiteboard: | B3 [glsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Thomas Deutschmann (RETIRED)
2016-11-10 22:20:55 UTC
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not. hello Thomas. I didn't file the bugs here because for now, jasper is in continue update because of security bugs. There are dozens of bugs still open. I'd like to stabilize a version which at least covers something else, to avoid arches to stabilize more versions in few days. The first upstream version that contains the fix for this bug is 1.900.22 The first fixed version in tree was 1.900.26 So it will be fixed in the next stabilization of jasper. I'm adding stable blocked because there are some things that seems to not work in the latest jasper regards multilib and gold/bfd Version 2.0.12 in tree. Old removed Arches and Maintainer(s), Thank you for your work. Added to an existing GLSA Request. This issue was resolved and addressed in GLSA 201707-07 at https://security.gentoo.org/glsa/201707-07 by GLSA coordinator Thomas Deutschmann (whissi). |