1
PublicDateAtUSN: 2016-01-20
2
Candidate: CVE-2016-1867
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1867
6
http://seclists.org/oss-sec/2016/q1/84
7
https://usn.ubuntu.com/usn/usn-3295-1
9
The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to
10
cause a denial of service (out-of-bounds read and application crash) via a
11
crafted JPEG 2000 image.
14
mdeslaur> fixed in (1.900.1-debian1-2.4+deb8u2)
16
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=811023
22
upstream: https://github.com/mdadams/jasper/commit/980da43d8d388a67cac505e734423b2a5aa4cede
23
upstream_jasper: needs-triage
24
precise_jasper: ignored (reached end-of-life)
25
precise/esm_jasper: DNE (precise was needed)
26
trusty_jasper: released (1.900.1-14ubuntu3.4)
27
vivid_jasper: ignored (reached end-of-life)
28
vivid/stable-phone-overlay_jasper: ignored (reached end-of-life)
29
vivid/ubuntu-core_jasper: DNE
30
wily_jasper: ignored (reached end-of-life)
31
xenial_jasper: released (1.900.1-debian1-2.4ubuntu1.1)
32
yakkety_jasper: released (1.900.1-debian1-2.4+deb8u2build0.16.10.1)