(CVE-2016-9397) CVE-2016-9397 jasper: reachable assertion in jpc_dequantize() -- https://bugzilla.redhat.com/show_bug.cgi?id=1396979 (CVE-2016-9396) - media-libs/jasper: reachable assertion in JPC_NOMINALGAIN() -- https://bugzilla.redhat.com/show_bug.cgi?id=1396978 (CVE-2016-9398) - media-libs/jasper: reachable assertion in jpc_floorlog2() -- https://bugzilla.redhat.com/show_bug.cgi?id=1396980 (CVE-2017-6852) - media-libs/jasper: Out of bounds heap read in jpc_dec_decodepkt -- https://bugzilla.redhat.com/show_bug.cgi?id=1434459 -- https://bugs.gentoo.org/show_bug.cgi?id=614032 (CVE-2017-6851) - media-libs/jasper: Invalid memory read in jas_matrix_bindsub (jas_seq.c) -- https://bugzilla.redhat.com/show_bug.cgi?id=1435324 (CVE-2017-5505) - media-libs/jasper: Invalid memory read in jas_matrix_asl -- https://bugzilla.redhat.com/show_bug.cgi?id=1416068 (CVE-2017-5504) - media-libs/jasper: Invalid memory read in jpc_undo_roi --https://bugzilla.redhat.com/show_bug.cgi?id=1416069 (CVE-2017-5503) - media-libs/jasper: invalid memory write in dec_clnpass() --https://bugzilla.redhat.com/show_bug.cgi?id=1416056
These bugs were already been filed. Since they were filed separately, I don't know to which bug mark as a duplicate, so I'm closing as OBSOLETE
