Is the package JasPer in extra repo vulnerable to CVE-2016-1577, CVE-2016-2089 and CVE-2016-2116? I noticed that the version number of JasPer is same in Debian, Ubuntu and Arch, i.e. 1.900.1. Debian and Ubuntu seem to have updated/patched it, is Arch not vulnerable to it?
With regards, Harrison Wells
