Summary: | <media-libs/jasper-1.900.15: Double free corruption (CVE-2015-5203) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | aoaaxy+gentoobugzilla, sci, zazdxscf+bugs.gentoo.org |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://seclists.org/oss-sec/2015/q3/366 | ||
Whiteboard: | A3 [glsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 559168 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2015-08-30 14:06:56 UTC
The first upstream version that contains the fix for this bug is 1.900.10 The first fixed version in tree was 1.900.15 So it will be fixed in the next stabilization of jasper. I'm adding stable blocked because there are some things that seems to not work in the latest jasper regards multilib and gold/bfd Arches and Maintainer(s), Thank you for your work. No longer in tree. GLSA Vote: No Closing as [noglsa]. Added to an existing GLSA Request. Jasper GLSA already in process, adding to it. This issue was resolved and addressed in GLSA 201707-07 at https://security.gentoo.org/glsa/201707-07 by GLSA coordinator Thomas Deutschmann (whissi). |