Your message dated Fri, 05 Dec 2014 12:19:07 +0000
with message-id <[email protected]>
and subject line Bug#772036: fixed in jasper 1.900.1-debian1-2.2
has caused the Debian Bug report #772036,
regarding jasper: CVE-2014-9029
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
772036: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772036
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: jasper
Version: 1.900.1-7
Severity: grave
Tags: security upstream

Hi,

the following vulnerability was published for jasper.

CVE-2014-9029[0]:
heap-based buffer overflows

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-9029
[1] http://www.ocert.org/advisories/ocert-2014-009.html

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: jasper
Source-Version: 1.900.1-debian1-2.2

We believe that the bug you reported is fixed in the latest version of
jasper, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated jasper package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 05 Dec 2014 08:39:16 +0100
Source: jasper
Binary: libjasper1 libjasper-dev libjasper-runtime
Architecture: source amd64
Version: 1.900.1-debian1-2.2
Distribution: unstable
Urgency: high
Maintainer: Roland Stigge <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Description:
 libjasper-dev - Development files for the JasPer JPEG-2000 library
 libjasper-runtime - Programs for manipulating JPEG-2000 files
 libjasper1 - JasPer JPEG-2000 runtime library
Closes: 772036
Changes:
 jasper (1.900.1-debian1-2.2) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Add 04-CVE-2014-9029.patch patch.
     CVE-2014-9029: incorrect component number check in COC, RGN and QCC
     marker segment decoders. (Closes: #772036)
Checksums-Sha1:
 1876d09685e167af9818c33fb207066faabadbbf 1927 jasper_1.900.1-debian1-2.2.dsc
 5cb2ffd9d26d5b4ee2e19f0322e73f08f609bab4 28040 
jasper_1.900.1-debian1-2.2.debian.tar.xz
Checksums-Sha256:
 1fccedcef4b6e1a682250bf1c6ed4c28bf326f429def886924c038e856899e7a 1927 
jasper_1.900.1-debian1-2.2.dsc
 7f0f6b9e335858fa4732bee2d3c048d83b43144affeda2f91c3c798e90b5d9a1 28040 
jasper_1.900.1-debian1-2.2.debian.tar.xz
Files:
 b587fb7a049802c9836e92aeba44db31 1927 graphics optional 
jasper_1.900.1-debian1-2.2.dsc
 9f727f30336c5d343d5d339d25d2e4be 28040 graphics optional 
jasper_1.900.1-debian1-2.2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUgWjsAAoJEAVMuPMTQ89Emr0P/jAE+Ep7l5KPfwnzPlDrr1dT
4o7z7QYyx3zT8rW6VqXPDd7VgYRHeAVCQTBL1qGvijdVidThP0Td/45HONWg6aCO
jlMpXPT/qGctCmFqKaHqsLB/KsFaBxpMG6h1zdtYnNl3O5k6fDw/un//ICWmhT1s
cT6ZTDDX5dHmGKxDy4kt40IwG4Fc3Zr+pmWfY/ChPC3gHhz+M65T107rPHHfhckP
aFd1lE8pF3rUfQjyDaCLCLyiXYnKBXBTN9zZfKxSNm4KV/m4xkWVWs6gFocNI/NQ
5PRrh+U0p8UedDJjlK4K053e/70iUrJ/eaDQAjOG3/73rLxpzA9GVOI7EL7CBx1d
/rLCy38LcPQJnYxXbHmgYlDdrKdMSPasYtPls0h+cKE2KVDYXEiQgoRLAYvU278q
gWo0hXypbd/tHfiMSmkERgPbx2cAnEgljm8Z0jlSYY6pdhbrLO87+ZYFmDCbMCVZ
BFhgSNx5HbdTxJpq4evm2nySJfVmedksoQ+ifJBJdV8F+mIjtfyfcYufgbzPPdGF
aliBwB+yq/F8dYBh1ZWBXQ9sjEGOiUQka+D+WfKrqhi7fTnpoRMmnZ7b5v/h+vu7
xBkIfUPzGUMBSqnnKIJx984tf3ETSNvZ/e4TC4PTNFVjyOen2foNvdP1qmvun3Y7
xYw8cErVIaESH0cA2pSl
=TjQJ
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to