[jasper/f21: 3/3] Merge branch 'f20' into f21

[Jiří Popelka]

commit a275b0f0d6fc433218e7c0f25a14c8acdb0d44c8
Merge: 10c0b93 76d5098
Author: Jiri Popelka <jpopelka at redhat.com>
Date:   Thu Dec 18 18:18:47 2014 +0100

    Merge branch 'f20' into f21

 jasper-CVE-2014-8137.patch |   57 ++++++++++++++++++++++++++++++++++++++++++++
 jasper-CVE-2014-8138.patch |   14 ++++++++++
 jasper.spec                |   42 +++++++++++++++++++-------------
 3 files changed, 96 insertions(+), 17 deletions(-)
---
diff --cc jasper.spec
index d048b39,2b81fdb..53d8bc4
--- a/jasper.spec
+++ b/jasper.spec
@@@ -7,7 -7,7 +7,7 @@@ Summary: Implementation of the JPEG-200
  Name:    jasper
  Group:   System Environment/Libraries
  Version: 1.900.1
- Release: 28%{?dist}
 -Release: 27%{?dist}
++Release: 29%{?dist}
  
  License: JasPer
  URL:     http://www.ece.uvic.ca/~frodo/jasper/
@@@ -173,7 -177,11 +177,11 @@@ make chec
  
  
  %changelog
 -* Thu Dec 18 2014 Jiri Popelka <jpopelka at redhat.com> - 1.900.1-27
++* Thu Dec 18 2014 Jiri Popelka <jpopelka at redhat.com> - 1.900.1-29
+ - CVE-2014-8137 - double-free in jas_iccattrval_destroy() (oCERT-2014-012) (#1175761)
+ - CVE-2014-8138 - heap overflow in jp2_decode() (oCERT-2014-012) (#1175761)
+ 
 -* Thu Dec 04 2014 Jiri Popelka <jpopelka at redhat.com> - 1.900.1-26
 +* Thu Dec 04 2014 Jiri Popelka <jpopelka at redhat.com> - 1.900.1-28
  - CVE-2014-9029 - incorrect component number check in COC, RGN and QCC
                    marker segment decoders (#1170650)