diff --git a/jasper-CVE-2016-1867.patch b/jasper-CVE-2016-1867.patch new file mode 100644 index 0000000..d0777cd --- /dev/null +++ b/jasper-CVE-2016-1867.patch @@ -0,0 +1,12 @@ +diff -urNp jasper-1.900.1.orig/src/libjasper/jpc/jpc_t2cod.c jasper-1.900.1.new/src/libjasper/jpc/jpc_t2cod.c +--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_t2cod.c 2016-08-11 14:34:31.795661973 +0200 ++++ jasper-1.900.1.new/src/libjasper/jpc/jpc_t2cod.c 2016-08-12 07:02:40.044860209 +0200 +@@ -429,7 +429,7 @@ static int jpc_pi_nextcprl(register jpc_ + } + + for (pi->compno = pchg->compnostart, pi->picomp = +- &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend); ++pi->compno, ++ &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend) && pi->compno < pi->numcomps; ++pi->compno, + ++pi->picomp) { + pirlvl = pi->picomp->pirlvls; + pi->xstep = pi->picomp->hsamp * (1 << (pirlvl->prcwidthexpn + diff --git a/jasper.spec b/jasper.spec index 8127f8e..3d57705 100644 --- a/jasper.spec +++ b/jasper.spec @@ -39,6 +39,7 @@ Patch12: jasper-CVE-2014-8157.patch Patch13: jasper-CVE-2014-8158.patch Patch14: jasper-CVE-2015-5203.patch Patch15: jasper-CVE-2015-5221.patch +Patch16: jasper-CVE-2016-1867.patch # Issues found by static analysis of code Patch110: jasper-1.900.1-Coverity-BAD_SIZEOF.patch @@ -108,6 +109,7 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release} %patch13 -p1 -b .CVE-2014-8158 %patch14 -p1 -b .CVE-2015-5203 %patch15 -p1 -b .CVE-2015-5221 +%patch16 -p1 -b .CVE-2016-1867 %patch110 -p1 -b .BAD_SIZEOF %patch111 -p1 -b .CHECKED_RETURN @@ -185,9 +187,10 @@ make check %changelog -* Thu Aug 11 2016 Josef Ridky - 1.900.1-33 +* Fri Aug 12 2016 Josef Ridky - 1.900.1-33 - CVE-2015-5203 - double free in jasper_image_stop_load() (#1254244) - CVE-2015-5221 - Use-after-free and double-free flaws (#1255714) +- CVE-2016-1867 - out-of-bounds read in the jpc_pi_nextcprl() function (#1298138) * Thu Feb 04 2016 Fedora Release Engineering - 1.900.1-32 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild