Details at $URL. @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
CVE ID: CVE-2017-6850
Summary: The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.
Published: 2017-03-15T14:59:01.000Z
Fixed in v2.0.13 via https://github.com/mdadams/jasper/commit/e96fc4fdd525fa0ede28074a7e2b1caf94b58b0d
@ Maintainer(s): Please bump to >=media-libs/jasper-2.0.13!
*** Bug 624986 has been marked as a duplicate of this bug. ***
First fixed version in Gentoo: media-libs/jasper-2.0.14
@arches, please stabilize.
ia64 stable
ppc/ppc64 stable
amd64 stable
x86 stable
Stable on alpha.
arm stable
hppa stable
sparc was missed... giving them a chance.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=12a61328fec7deae01bea9186f885ff2b432bd51
commit 12a61328fec7deae01bea9186f885ff2b432bd51
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-05-08 18:10:04 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-05-08 18:42:38 +0000
    media-libs/jasper: stable 2.0.14 for sparc
    Bug: https://bugs.gentoo.org/614030
    Package-Manager: Portage-2.3.24, Repoman-2.3.6
    RepoMan-Options: --include-arches="sparc"
 media-libs/jasper/jasper-2.0.14.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(In reply to Sergei Trofimovich from comment #7)
> ppc/ppc64 stable
keywords updated per this comment.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8733e400fb540e3161ec866ee4092ccc5a8fb713
commit 8733e400fb540e3161ec866ee4092ccc5a8fb713
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-05-15 14:56:32 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-05-15 14:57:15 +0000
    media-libs/jasper: drop vulnerable
    Bug: https://bugs.gentoo.org/614030
    Package-Manager: Portage-2.3.36, Repoman-2.3.9
 media-libs/jasper/Manifest             |  1 -
 media-libs/jasper/jasper-2.0.12.ebuild | 63 ----------------------------------
 2 files changed, 64 deletions(-)
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4f007101af64f8f0a1143c2401ba51edb3852ddf
commit 4f007101af64f8f0a1143c2401ba51edb3852ddf
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-05-15 14:55:10 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-05-15 14:57:11 +0000
    media-libs/jasper: stable ppc/ppc64 per slyfox's comment on bug
    Bug: https://bugs.gentoo.org/614030
    Package-Manager: Portage-2.3.36, Repoman-2.3.9
 media-libs/jasper/jasper-2.0.14.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
GLSA Vote: No