From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cygwin-apps-return-37785-listarch-cygwin-apps=sources.redhat.com@cygwin.com>
Received: (qmail 129757 invoked by alias); 26 Sep 2016 05:18:31 -0000
Mailing-List: contact cygwin-apps-help@cygwin.com; run by ezmlm
Precedence: bulk
Sender: cygwin-apps-owner@cygwin.com
List-Id: <cygwin-apps.cygwin.com>
List-Subscribe: <mailto:cygwin-apps-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin-apps/>
List-Post: <mailto:cygwin-apps@cygwin.com>
List-Help: <mailto:cygwin-apps-help@cygwin.com>, <http://sourceware.org/lists.html#faqs>
Mail-Followup-To: cygwin-apps@cygwin.com
Received: (qmail 129742 invoked by uid 89); 26 Sep 2016 05:18:30 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=1.0 required=5.0 tests=BAYES_40,KAM_LAZY_DOMAIN_SECURITY,SPF_HELO_PASS autolearn=no version=3.3.2 spammy=H*Ad:U*yselkowitz, H*M:cygwin, H*MI:cygwin, Hx-languages-length:659
X-HELO: mx1.redhat.com
Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Mon, 26 Sep 2016 05:18:20 +0000
Received: from int-mx13.intmail.prod.int.phx2.redhat.com (int-mx13.intmail.prod.int.phx2.redhat.com [10.5.11.26])	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))	(No client certificate requested)	by mx1.redhat.com (Postfix) with ESMTPS id 0A75A9E629	for <cygwin-apps@cygwin.com>; Mon, 26 Sep 2016 05:18:19 +0000 (UTC)
Received: from [10.10.116.22] (ovpn-116-22.rdu2.redhat.com [10.10.116.22])	by int-mx13.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u8Q5IHHS019876	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)	for <cygwin-apps@cygwin.com>; Mon, 26 Sep 2016 01:18:18 -0400
To: cygwin-apps@cygwin.com
From: Yaakov Selkowitz <yselkowitz@cygwin.com>
Subject: [SECURITY] jasper
Message-ID: <826b9f6a-3b66-fea7-3161-cea9bf2f0d24@cygwin.com>
Date: Mon, 26 Sep 2016 05:18:00 -0000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.3.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes
X-SW-Source: 2016-09/txt/msg00062.txt.bz2

Dr. Volker,

Several CVEs have been made public for jasper.  Could you please ship a 
new release with the following patches:

http://pkgs.fedoraproject.org/cgit/rpms/jasper.git/plain/jasper-CVE-2014-8157.patch
http://pkgs.fedoraproject.org/cgit/rpms/jasper.git/plain/jasper-CVE-2014-8158.patch
http://pkgs.fedoraproject.org/cgit/rpms/jasper.git/plain/jasper-CVE-2015-5221.patch
http://pkgs.fedoraproject.org/cgit/rpms/jasper.git/plain/jasper-CVE-2016-1867.patch
http://pkgs.fedoraproject.org/cgit/rpms/jasper.git/plain/jasper-CVE-2016-1577.patch
http://pkgs.fedoraproject.org/cgit/rpms/jasper.git/plain/jasper-CVE-2016-2116.patch

-- 
Yaakov