public inbox for cygwin-apps@cygwin.com
 help / color / mirror / Atom feed
* [SECURITY] jasper
@ 2016-09-26  5:18 Yaakov Selkowitz
  0 siblings, 0 replies; 4+ messages in thread
From: Yaakov Selkowitz @ 2016-09-26  5:18 UTC (permalink / raw)
  To: cygwin-apps

Dr. Volker,

Several CVEs have been made public for jasper.  Could you please ship a 
new release with the following patches:

http://pkgs.fedoraproject.org/cgit/rpms/jasper.git/plain/jasper-CVE-2014-8157.patch
http://pkgs.fedoraproject.org/cgit/rpms/jasper.git/plain/jasper-CVE-2014-8158.patch
http://pkgs.fedoraproject.org/cgit/rpms/jasper.git/plain/jasper-CVE-2015-5221.patch
http://pkgs.fedoraproject.org/cgit/rpms/jasper.git/plain/jasper-CVE-2016-1867.patch
http://pkgs.fedoraproject.org/cgit/rpms/jasper.git/plain/jasper-CVE-2016-1577.patch
http://pkgs.fedoraproject.org/cgit/rpms/jasper.git/plain/jasper-CVE-2016-2116.patch

-- 
Yaakov

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [SECURITY] jasper
  2014-12-29 16:19 Yaakov Selkowitz
@ 2015-01-15 11:41 ` Dr. Volker Zell
  0 siblings, 0 replies; 4+ messages in thread
From: Dr. Volker Zell @ 2015-01-15 11:41 UTC (permalink / raw)
  To: Yaakov Selkowitz; +Cc: cygwin-apps

>>>>> Yaakov Selkowitz writes:

    > Dr. Volker Zell,
    > CVE-2014-9029 has been announced for jasper.  A patch is available at:

    > http://pkgs.fedoraproject.org/cgit/jasper.git/plain/jasper-CVE-2014-9029.patch

Actually that patch is already included in the latest cygwin (32/64bit) distros.
    

    > Yaakov

Ciao
  Volker

^ permalink raw reply	[flat|nested] 4+ messages in thread
* [SECURITY] jasper
@ 2014-12-29 16:19 Yaakov Selkowitz
  2015-01-15 11:41 ` Dr. Volker Zell
  0 siblings, 1 reply; 4+ messages in thread
From: Yaakov Selkowitz @ 2014-12-29 16:19 UTC (permalink / raw)
  To: cygwin-apps; +Cc: dr.volker.zell

Dr. Volker Zell,

CVE-2014-9029 has been announced for jasper.  A patch is available at:

http://pkgs.fedoraproject.org/cgit/jasper.git/plain/jasper-CVE-2014-9029.patch

TIA,

--
Yaakov

^ permalink raw reply	[flat|nested] 4+ messages in thread
* [SECURITY] jasper
@ 2012-01-24  4:09 Yaakov (Cygwin/X)
  0 siblings, 0 replies; 4+ messages in thread
From: Yaakov (Cygwin/X) @ 2012-01-24  4:09 UTC (permalink / raw)
  To: cygwin-apps

Dr. Volker Zell,

Security vulnerabilities have been announced for jasper (CVE-2011-4516,
CVE-2011-4517).  Please rebuild jasper ASAP with the following patch:

http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/media-libs/jasper/files/CVE-2011-4516+7.patch


Yaakov


^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-09-26  5:18 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-09-26  5:18 [SECURITY] jasper Yaakov Selkowitz
  -- strict thread matches above, loose matches on Subject: below --
2014-12-29 16:19 Yaakov Selkowitz
2015-01-15 11:41 ` Dr. Volker Zell
2012-01-24  4:09 Yaakov (Cygwin/X)

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).