Source: jasper Version: 1.900.1-13 Severity: grave Tags: security upstream patch
Hi, the following vulnerabilities were published for jasper. CVE-2016-8692[0]: FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c CVE-2016-8691[1]: FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-8692 [1] https://security-tracker.debian.org/tracker/CVE-2016-8691 [2] https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020 [3] https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/ Regards, Salvatore
