[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 0/1] Fix many jasper CVEs
From: |
Leo Famulari |
Subject: |
[PATCH 0/1] Fix many jasper CVEs |
Date: |
Sat, 30 Jan 2016 16:20:50 -0500 |
I set out to apply the fix for CVE-2016-1867 to jasper and found that
our package had many unpatched CVEs dating back to 2008 [0].
Most of these patches are copied from Fedora [1] but the patch for
CVE-2016-1867 is copied from SUSE [2].
I copied one non-CVE patch from Fedora because the patch for
CVE-2008-3520 builds on it.
There are other non-CVE patches in the Fedora tree [1]. Do you think we
should apply any of those as well?
[0]
https://security-tracker.debian.org/tracker/source-package/jasper
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3520
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4516
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4517
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8137
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8138
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8157
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8158
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1867
[1]
http://pkgs.fedoraproject.org/cgit/rpms/jasper.git/tree/
[2]
https://bugzilla.suse.com/show_bug.cgi?id=961886
Leo Famulari (1):
gnu: jasper: Add fixes for several security flaws.
gnu-system.am | 9 +
gnu/packages/image.scm | 13 +-
gnu/packages/patches/jasper-CVE-2008-3520.patch | 931 +++++++++++++++++++++
.../jasper-CVE-2011-4516-and-CVE-2011-4517.patch | 31 +
gnu/packages/patches/jasper-CVE-2014-8137.patch | 64 ++
gnu/packages/patches/jasper-CVE-2014-8138.patch | 21 +
gnu/packages/patches/jasper-CVE-2014-8157.patch | 19 +
gnu/packages/patches/jasper-CVE-2014-8158.patch | 336 ++++++++
gnu/packages/patches/jasper-CVE-2014-9029.patch | 36 +
gnu/packages/patches/jasper-CVE-2016-1867.patch | 18 +
.../patches/jasper-stepsizes-overflow.patch | 20 +
11 files changed, 1497 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/jasper-CVE-2008-3520.patch
create mode 100644
gnu/packages/patches/jasper-CVE-2011-4516-and-CVE-2011-4517.patch
create mode 100644 gnu/packages/patches/jasper-CVE-2014-8137.patch
create mode 100644 gnu/packages/patches/jasper-CVE-2014-8138.patch
create mode 100644 gnu/packages/patches/jasper-CVE-2014-8157.patch
create mode 100644 gnu/packages/patches/jasper-CVE-2014-8158.patch
create mode 100644 gnu/packages/patches/jasper-CVE-2014-9029.patch
create mode 100644 gnu/packages/patches/jasper-CVE-2016-1867.patch
create mode 100644 gnu/packages/patches/jasper-stepsizes-overflow.patch
--
2.6.3
- [PATCH 0/1] Fix many jasper CVEs,
Leo Famulari <=