[jasper/el5] CVE-2011-4516, CVE-2011-4517 (CERT VU#887409, #765662)
Jiří Popelka
jpopelka at fedoraproject.org
Fri Dec 9 14:16:54 UTC 2011
commit d848e5ba4993d74c806886723dc9bc348af96576
Author: Jiri Popelka <jpopelka at redhat.com>
Date: Fri Dec 9 15:16:21 2011 +0100
CVE-2011-4516, CVE-2011-4517 (CERT VU#887409, #765662)
jasper.spec | 12 ++++++++++--
1 files changed, 10 insertions(+), 2 deletions(-)
---
diff --git a/jasper.spec b/jasper.spec
index 9a46f26..48df958 100644
--- a/jasper.spec
+++ b/jasper.spec
@@ -7,7 +7,7 @@ Summary: Implementation of the JPEG-2000 standard, Part 1
Name: jasper
Group: System Environment/Libraries
Version: 1.900.1
-Release: 13%{?dist}
+Release: 14%{?dist}
License: JasPer
URL: http://www.ece.uvic.ca/~mdadams/jasper/
@@ -29,6 +29,10 @@ Patch5: jasper-1.900.1-CVE-2008-3520.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3522
Patch6: jasper-1.900.1-CVE-2008-3522.patch
+# CVE-2011-4516, CVE-2011-4517 jasper: heap buffer overflow flaws
+# lead to arbitrary code execution (CERT VU#887409) (#765662)
+Patch7: jasper-1.900.1-CVE-2011-4516-CVE-2011-4517-CERT-VU-887409.patch
+
BuildRequires: automake
BuildRequires: libjpeg-devel
BuildRequires: freeglut-devel
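Review bot: the new Patch7 line references jasper-1.900.1-CVE-2011-4516-CVE-2011-4517-CERT-VU-887409.patch, but the diffstat for this commit lists only jasper.spec (1 file changed), so the patch file itself is not part of what is shown here. Unless it was committed separately, %prep will fail when %patch7 runs; adding the patch in the same commit also keeps the security fix reviewable and revertible as one unit. Separately, the comment above Patch6 carries a full Bugzilla URL while the new comment gives only the bare number (#765662); a URL line in the same form would make the reference easier to follow.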
@@ -74,7 +78,7 @@ Requires: %{name} = %{version}-%{release}
%patch4 -p1 -b .jpc_dec_assertion
%patch5 -p1 -b .CVE-2008-3520
%patch6 -p1 -b .CVE-2008-3522
-
+%patch7 -p1 -b .CVE-2011-4516-4517
%build
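Review bot: the added %patch7 line takes the place of the blank line that used to separate the %patch block from %build, so %build now follows the last patch directly. Keep an empty line after %patch7 to preserve the section separation. The backup suffix .CVE-2011-4516-4517 also abbreviates the patch name, whereas .CVE-2008-3520 and .CVE-2008-3522 mirror theirs; this is harmless, but a single convention is easier to grep.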
@@ -135,6 +139,10 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Fri Dec 09 2011 Jiri Popelka <jpopelka at redhat.com> - 1.900.1-14
+- CVE-2011-4516, CVE-2011-4517 jasper: heap buffer overflow flaws
+ lead to arbitrary code execution (CERT VU#887409) (#765662)
+
* Mon Oct 13 2009 Rex Dieter <rdieter at fedoraproject.org> - 1.900.1-13
- CVE-2008-3520 jasper: multiple integer overflows in jas_alloc calls (#461476)
- CVE-2008-3522 jasper: possible buffer overflow in
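Review bot: in the context line directly below the new entry, the weekday in "Mon Oct 13 2009" does not match the calendar (13 October 2009 was a Tuesday). This change does not introduce it, but newer rpmbuild versions warn about bogus %changelog dates, so it is worth correcting while the changelog is being edited. The new entry's own date, Fri Dec 09 2011, is consistent.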