-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3089-1 security@debian.org http://www.debian.org/security/ Salvatore Bonaccorso December 04, 2014 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : jasper CVE ID : CVE-2014-9029 Debian Bug : 772036 Josh Duart of the Google Security Team discovered heap-based buffer overflow flaws in JasPer, a library for manipulating JPEG-2000 files, which could lead to denial of service (application crash) or the execution of arbitrary code. For the stable distribution (wheezy), these problems have been fixed in version 1.900.1-13+deb7u1. For the upcoming stable distribution (jessie) and the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your jasper packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJUgHrJAAoJEAVMuPMTQ89EFekP/21TDzhAR4T6eKGUQ6MMigUu XqHkqsFkaP+6oKyVWjgzH38EWANEDDXoi0/T0KORY6uzaJwBQ+DdjHWVHokyN8Iy ynJQ60foV0+h5ZabpUbJc0uLnF8sc9V4AxAeQ+Z/C6lvIdF/kwXMCMFdd+gF3lI6 eZzE0pgBA5I9vJO0YREVXYtPVZ86R8Igy+YtKTBnXjPe2W4Mkc3pb9Dr2ha0eATH ZwNS9R2s6ifpDPHr5xtxAp3j5FDLuCGfswoGFDisW2sWXuRAbG1QKnRXH7uy4MyK DIIyuS+0LMGhym8+DB1KGMMo4MFhVsydSG4vx5zLkxZYahXDp/wMKQGT0lft5q8y 4DN2FYqwgLMDgGsL8AcFIJ40G6iXc4Uug6B0nyRHtKpy8nnnKhxIjnSVe6Q4PFra Bph4CiWsfu9kJUYFk4ukD/kAnILc+RfPwfMGA9t0XKz3WVixfv+vhWMRG90cmmNA 14rsVkkts52RyhAiuhgyxS5UuqE3srNyx64NLMKvIZJuT9Id/V5+ciovZEFsOD7k M05WadrNff5YQTkLjZKNSwkZ2YwaHP7uwJ2euMFBMkOtz8s2GBQnxLWb0A7IYNGC 1pNEXC7a9FHutmFFdYMCc7OP/oUiGZb4qe+rvH3GyLnegTDQZ0MN7oYX3ze5IUYc LDS8UAI8LMV2/X2knxLJ =qpMK -----END PGP SIGNATURE-----