* [Buildroot] [PATCH 1/1] package/jasper: security bump version to 2.0.25
@ 2021-02-15 10:45 Michael Vetter
2021-02-15 21:50 ` Peter Korsgaard
2021-02-17 6:36 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Michael Vetter @ 2021-02-15 10:45 UTC (permalink / raw)
To: buildroot
Changes:
* Fix memory-related bugs in the JPEG-2000 codec resulting from
attempting to decode invalid code streams. (#264, #265)
This fix is associated with CVE-2021-26926 and CVE-2021-26927.
* Fix wrong return value under some compilers (#260)
* Fix CVE-2021-3272 heap buffer overflow in jp2_decode (#259)
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
---
package/jasper/jasper.hash | 2 +-
package/jasper/jasper.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/jasper/jasper.hash b/package/jasper/jasper.hash
index 7386c2179f..d4ed191f91 100644
--- a/package/jasper/jasper.hash
+++ b/package/jasper/jasper.hash
@@ -1,3 +1,3 @@
# Locally calculated
-sha256 d2d28e115968d38499163cf8086179503668ce0d71b90dd33855b3de96a1ca1d jasper-2.0.24.tar.gz
+sha256 f5bc48e2884bcabd2aca1737baff4ca962ec665b6eb673966ced1f7adea07edb jasper-2.0.25.tar.gz
sha256 4ad1bb42aff888c4403d792e6e2c5f1716d6c279fea70b296333c9d577d30b81 LICENSE
diff --git a/package/jasper/jasper.mk b/package/jasper/jasper.mk
index d8110082c9..d487e8e2d6 100644
--- a/package/jasper/jasper.mk
+++ b/package/jasper/jasper.mk
@@ -4,7 +4,7 @@
#
################################################################################
-JASPER_VERSION = 2.0.24
+JASPER_VERSION = 2.0.25
JASPER_SITE = $(call github,jasper-software,jasper,version-$(JASPER_VERSION))
JASPER_INSTALL_STAGING = YES
JASPER_LICENSE = JasPer-2.0
--
2.26.2
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH 1/1] package/jasper: security bump version to 2.0.25
2021-02-15 10:45 [Buildroot] [PATCH 1/1] package/jasper: security bump version to 2.0.25 Michael Vetter
@ 2021-02-15 21:50 ` Peter Korsgaard
2021-02-17 6:36 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2021-02-15 21:50 UTC (permalink / raw)
To: buildroot
>>>>> "Michael" == Michael Vetter <jubalh@iodoru.org> writes:
> Changes:
> * Fix memory-related bugs in the JPEG-2000 codec resulting from
> attempting to decode invalid code streams. (#264, #265)
> This fix is associated with CVE-2021-26926 and CVE-2021-26927.
> * Fix wrong return value under some compilers (#260)
> * Fix CVE-2021-3272 heap buffer overflow in jp2_decode (#259)
> Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH 1/1] package/jasper: security bump version to 2.0.25
2021-02-15 10:45 [Buildroot] [PATCH 1/1] package/jasper: security bump version to 2.0.25 Michael Vetter
2021-02-15 21:50 ` Peter Korsgaard
@ 2021-02-17 6:36 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2021-02-17 6:36 UTC (permalink / raw)
To: buildroot
>>>>> "Michael" == Michael Vetter <jubalh@iodoru.org> writes:
> Changes:
> * Fix memory-related bugs in the JPEG-2000 codec resulting from
> attempting to decode invalid code streams. (#264, #265)
> This fix is associated with CVE-2021-26926 and CVE-2021-26927.
> * Fix wrong return value under some compilers (#260)
> * Fix CVE-2021-3272 heap buffer overflow in jp2_decode (#259)
> Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Committed to 2020.02.x and 2020.11.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-02-17 6:36 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-15 10:45 [Buildroot] [PATCH 1/1] package/jasper: security bump version to 2.0.25 Michael Vetter
2021-02-15 21:50 ` Peter Korsgaard
2021-02-17 6:36 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.