[arch-general] JasPer vulnerabilities

Harrison Wells hgwells260 at gmail.com
Mon Mar 7 12:04:31 UTC 2016


Haven't reported in security list before. Should I just repost my previous
message?
On 07-Mar-2016 5:28 PM, "LoneVVolf" <lonewolf at xs4all.nl> wrote:

> On 07-03-16 10:55, Harrison Wells wrote:
>
>> Is the package JasPer in extra repo vulnerable to CVE-2016-1577,
>> CVE-2016-2089 and CVE-2016-2116? I noticed that the version number of
>> JasPer is same in Debian, Ubuntu and Arch, i.e. 1.900.1. Debian and Ubuntu
>> seem to have updated/patched it, is Arch not vulnerable to it?
>>
>> With regards,
>>
>> Harrison Wells
>>
> The most recent added patch appears to be jasper-1.900.1-CVE-2015-5203 .
> I suggest you report this to arch-security mailinglist,
> https://lists.archlinux.org/listinfo/arch-security
> LW
>


More information about the arch-general mailing list