Overview

File _patchinfo of Package patchinfo.280

<patchinfo incident="280">
  <issue id="909475" tracker="bnc">VUL-0: CVE-2014-8138: libjasper: heap overflow in jas_decode()</issue>
  <issue id="909474" tracker="bnc">VUL-0: CVE-2014-8137: libjasper: double-free in jas_iccattrval_destroy()</issue>
  <issue id="906364" tracker="bnc">VUL-0: CVE-2014-9029: jasper: Heap overflows in libjasper</issue>
  <issue id="CVE-2014-9029" tracker="cve" />
  <issue id="CVE-2014-8137" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>nadvornik</packager>
  <description>This libjasper update fixes the following three security issues:

- bnc#906364: heap overflows in libjasper (CVE-2014-9029)
- bnc#909474: double-free in jas_iccattrval_destroy() (CVE-2014-8137)
- bnc#909475: heap overflow in jas_decode() (CVE-2014-8138)
</description>
  <summary>Security update for jasper</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places