Your message dated Sun, 21 Dec 2014 17:02:22 +0000
with message-id <e1y2jte-0006r3...@franck.debian.org>
and subject line Bug#773463: fixed in jasper 1.900.1-13+deb7u2
has caused the Debian Bug report #773463,
regarding jasper: CVE-2014-8137 CVE-2014-8138
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
773463: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773463
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: jasper
Version: 1.900.1-7
Severity: grave
Tags: security upstream
Hi,
the following vulnerabilities were published for jasper.
CVE-2014-8137[0]:
double-free in jas_iccattrval_destroy()
CVE-2014-8138[1]:
heap overflow in jp2_decode()
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-8137
[1] https://security-tracker.debian.org/tracker/CVE-2014-8138
[2] http://www.ocert.org/advisories/ocert-2014-012.html
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: jasper
Source-Version: 1.900.1-13+deb7u2
We believe that the bug you reported is fixed in the latest version of
jasper, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 773...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated jasper package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 20 Dec 2014 08:42:19 +0100
Source: jasper
Binary: libjasper1 libjasper-dev libjasper-runtime
Architecture: source amd64
Version: 1.900.1-13+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Roland Stigge <sti...@antcom.de>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description:
libjasper-dev - Development files for the JasPer JPEG-2000 library
libjasper-runtime - Programs for manipulating JPEG-2000 files
libjasper1 - JasPer JPEG-2000 runtime library
Closes: 773463
Changes:
jasper (1.900.1-13+deb7u2) wheezy-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Add 05-CVE-2014-8137.patch patch.
CVE-2014-8137: double-free in in jas_iccattrval_destroy(). (Closes:
#773463)
* Add 06-CVE-2014-8138.patch patch.
CVE-2014-8138: heap overflow in jp2_decode(). (Closes: #773463)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---