- Detalji os-a: FED
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LFE
——————————————————————————–
Fedora Update Notification
FEDORA-2014-17259
2014-12-19 17:10:30
——————————————————————————–
Name : mingw-jasper
Product : Fedora 21
Version : 1.900.1
Release : 25.fc21
URL : http://www.ece.uvic.ca/~frodo/jasper/
Summary : MinGW Windows Jasper library
Description :
MinGW Windows Jasper library.
——————————————————————————–
Update Information:
Fixes for CVE-2014-8137 and CVE-2014-8138
——————————————————————————–
ChangeLog:
* Thu Dec 18 2014 Michael Cronenworth <mike@cchtml.com> – 1.900.1-25
– Fixes for CVE-2014-8137 and CVE-2014-8138
* Sat Dec 13 2014 Michael Cronenworth <mike@cchtml.com> – 1.900.1-24
– Apply all native patches for CVEs
——————————————————————————–
References:
[ 1 ] Bug #1173157 – CVE-2014-8137 jasper: double-free in in jas_iccattrval_destroy() (oCERT-2014-012)
https://bugzilla.redhat.com/show_bug.cgi?id=1173157
[ 2 ] Bug #1173162 – CVE-2014-8138 jasper: heap overflow in jp2_decode() (oCERT-2014-012)
https://bugzilla.redhat.com/show_bug.cgi?id=1173162
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update mingw-jasper’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
——————————————————————————–
Fedora Update Notification
FEDORA-2014-17274
2014-12-19 17:11:05
——————————————————————————–
Name : mingw-jasper
Product : Fedora 20
Version : 1.900.1
Release : 25.fc20
URL : http://www.ece.uvic.ca/~frodo/jasper/
Summary : MinGW Windows Jasper library
Description :
MinGW Windows Jasper library.
——————————————————————————–
Update Information:
Fixes for CVE-2014-8137 and CVE-2014-8138
——————————————————————————–
ChangeLog:
* Thu Dec 18 2014 Michael Cronenworth <mike@cchtml.com> – 1.900.1-25
– Fixes for CVE-2014-8137 and CVE-2014-8138
* Sat Dec 13 2014 Michael Cronenworth <mike@cchtml.com> – 1.900.1-24
– Apply all native patches for CVEs
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 1.900.1-23
– Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
——————————————————————————–
References:
[ 1 ] Bug #1173157 – CVE-2014-8137 jasper: double-free in in jas_iccattrval_destroy() (oCERT-2014-012)
https://bugzilla.redhat.com/show_bug.cgi?id=1173157
[ 2 ] Bug #1173162 – CVE-2014-8138 jasper: heap overflow in jp2_decode() (oCERT-2014-012)
https://bugzilla.redhat.com/show_bug.cgi?id=1173162
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update mingw-jasper’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
——————————————————————————–
Fedora Update Notification
FEDORA-2014-17270
2014-12-19 17:10:56
——————————————————————————–
Name : mingw-jasper
Product : Fedora 19
Version : 1.900.1
Release : 25.fc19
URL : http://www.ece.uvic.ca/~frodo/jasper/
Summary : MinGW Windows Jasper library
Description :
MinGW Windows Jasper library.
——————————————————————————–
Update Information:
Fixes for CVE-2014-8137 and CVE-2014-8138
——————————————————————————–
ChangeLog:
* Thu Dec 18 2014 Michael Cronenworth <mike@cchtml.com> – 1.900.1-25
– Fixes for CVE-2014-8137 and CVE-2014-8138
* Sat Dec 13 2014 Michael Cronenworth <mike@cchtml.com> – 1.900.1-24
– Apply all native patches for CVEs
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 1.900.1-23
– Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 1.900.1-22
– Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
——————————————————————————–
References:
[ 1 ] Bug #1173157 – CVE-2014-8137 jasper: double-free in in jas_iccattrval_destroy() (oCERT-2014-012)
https://bugzilla.redhat.com/show_bug.cgi?id=1173157
[ 2 ] Bug #1173162 – CVE-2014-8138 jasper: heap overflow in jp2_decode() (oCERT-2014-012)
https://bugzilla.redhat.com/show_bug.cgi?id=1173162
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update mingw-jasper’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
7e
| Autor | Tomislav Protega |
| Cert id | NCERT-REF-2014-12-0026-ADV |
| Cve | CVE-2014-8137 CVE-2014-8138 |
| ID izvornika | FEDORA-2014-17259 FEDORA-2014-17274 FEDORA-2014-17270 |
| Proizvod | mingw-jasper |
| Izvor | http://www.redhat.com |
