| Summary: | <media-libs/jasper-1.900.1-r9: input sanitization errors (CVE-2014-{8157,8158}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | sci |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openwall.com/lists/oss-security/2015/01/21/16 | | |
| Whiteboard: | B2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2015-01-24 09:46:34 UTC
+*jasper-1.900.1-r9 (24 Jan 2015) + + 24 Jan 2015; Justin Lecher <jlec@gentoo.org> +jasper-1.900.1-r9.ebuild, + +files/jasper-CVE-2014-8157.patch, +files/jasper-CVE-2014-8158.patch: + Add fixes for CVE-2014-815{7,8}, #537530 +

@arches, please stabilize, target is media-libs/jasper-1.900.1-r9

Stable for HPPA.

amd64 stable

x86 stable

arm stable

ppc stable

CVE-2014-8158 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8158): Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.

CVE-2014-8157 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8157): Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.

sparc stable

ppc64 stable

ia64 stable

alpha stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.

+ 24 Feb 2015; Justin Lecher <jlec@gentoo.org> -jasper-1.900.1-r8.ebuild: + Drop vulnerable version +

Cleaned

Arches and Maintainer(s), Thank you for your work. Added to an existing GLSA Request.

This issue was resolved and addressed in GLSA 201503-01 at http://security.gentoo.org/glsa/glsa-201503-01.xml by GLSA coordinator Mikle Kolyada (Zlogene).