-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2014-4757 2014-12-18 23:25:37 --------------------------------------------------------------------------------
Name : mingw-jasper Product : Fedora EPEL 7 Version : 1.900.1 Release : 25.el7 URL : http://www.ece.uvic.ca/~frodo/jasper/ Summary : MinGW Windows Jasper library Description : MinGW Windows Jasper library.
-------------------------------------------------------------------------------- Update Information:
* Fixes for CVE-2014-8137 and CVE-2014-8138\r\n\r\n* Bring package up to date with all CVE fixes -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1173162 - CVE-2014-8138 jasper: heap overflow in jp2_decode() (oCERT-2014-012) https://bugzilla.redhat.com/show_bug.cgi?id=1173162 [ 2 ] Bug #1173157 - CVE-2014-8137 jasper: double-free in in jas_iccattrval_destroy() (oCERT-2014-012) https://bugzilla.redhat.com/show_bug.cgi?id=1173157 --------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use su -c 'yum update mingw-jasper' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
epel-package-announce@lists.fedoraproject.org