lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1XwY9w-00060O-JP@master.debian.org>
Date: Thu, 04 Dec 2014 15:17:36 +0000
From: Salvatore Bonaccorso <carnil@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3089-1] jasper security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3089-1                   security@...ian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
December 04, 2014                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : jasper
CVE ID         : CVE-2014-9029
Debian Bug     : 772036

Josh Duart of the Google Security Team discovered heap-based buffer
overflow flaws in JasPer, a library for manipulating JPEG-2000 files,
which could lead to denial of service (application crash) or the
execution of arbitrary code.

For the stable distribution (wheezy), these problems have been fixed
in version 1.900.1-13+deb7u1.

For the upcoming stable distribution (jessie) and the unstable
distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your jasper packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUgHrJAAoJEAVMuPMTQ89EFekP/21TDzhAR4T6eKGUQ6MMigUu
XqHkqsFkaP+6oKyVWjgzH38EWANEDDXoi0/T0KORY6uzaJwBQ+DdjHWVHokyN8Iy
ynJQ60foV0+h5ZabpUbJc0uLnF8sc9V4AxAeQ+Z/C6lvIdF/kwXMCMFdd+gF3lI6
eZzE0pgBA5I9vJO0YREVXYtPVZ86R8Igy+YtKTBnXjPe2W4Mkc3pb9Dr2ha0eATH
ZwNS9R2s6ifpDPHr5xtxAp3j5FDLuCGfswoGFDisW2sWXuRAbG1QKnRXH7uy4MyK
DIIyuS+0LMGhym8+DB1KGMMo4MFhVsydSG4vx5zLkxZYahXDp/wMKQGT0lft5q8y
4DN2FYqwgLMDgGsL8AcFIJ40G6iXc4Uug6B0nyRHtKpy8nnnKhxIjnSVe6Q4PFra
Bph4CiWsfu9kJUYFk4ukD/kAnILc+RfPwfMGA9t0XKz3WVixfv+vhWMRG90cmmNA
14rsVkkts52RyhAiuhgyxS5UuqE3srNyx64NLMKvIZJuT9Id/V5+ciovZEFsOD7k
M05WadrNff5YQTkLjZKNSwkZ2YwaHP7uwJ2euMFBMkOtz8s2GBQnxLWb0A7IYNGC
1pNEXC7a9FHutmFFdYMCc7OP/oUiGZb4qe+rvH3GyLnegTDQZ0MN7oYX3ze5IUYc
LDS8UAI8LMV2/X2knxLJ
=qpMK
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ