[Secure-testing-team] Bug#773463: jasper: CVE-2014-8137 CVE-2014-8138
Salvatore Bonaccorso
carnil at debian.org
Thu Dec 18 17:28:47 UTC 2014
Source: jasper
Version: 1.900.1-7
Severity: grave
Tags: security upstream
Hi,
the following vulnerabilities were published for jasper.
CVE-2014-8137[0]:
double-free in in jas_iccattrval_destroy()
CVE-2014-8138[1]:
heap overflow in jp2_decode()
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-8137
[1] https://security-tracker.debian.org/tracker/CVE-2014-8138
[2] http://www.ocert.org/advisories/ocert-2014-012.html
Regards,
Salvatore
More information about the Secure-testing-team
mailing list