Bug 530305

Summary: CVE-2008-3520 CVE-2008-3522 Multiple jasper vulnerabilities
Product: [Fedora] Fedora
Reporter: Tomas Hoger <thoger>
Component: jasper
Assignee: Rex Dieter <rdieter>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Docs Contact:
Priority: medium
Version: rawhide
CC: rdieter
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
URL: http://fedoraproject.org/wiki/Security/TrackingBugs
Doc Type: Bug Fix
Last Closed: 2009-10-28 10:58:28 UTC
Bug Blocks: 461476, 461478, 530120    
Attachments:
	CVS diff against current devel (flags: none)

Description Tomas Hoger 2009-10-22 09:41:26 UTC
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in all affected branches.

For comments that are specific to the vulnerability please use bugs filed against "Security Response" product referenced in "Blocks" field.

	bug #461476: CVE-2008-3520 jasper: multiple integer overflows in jas_alloc calls
	bug #461478: CVE-2008-3522 jasper: possible buffer overflow in jas_stream_printf()

When creating a Bodhi update request, please include the bug IDs of the respective parent bugs filed against the "Security Response" product.
Please mention CVE IDs in the RPM changelog when available and only close this bug once all affected Fedora versions are fixed.

Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=461476,461478

Comment 1 Tomas Hoger 2009-10-22 09:42:51 UTC
Created attachment 365684
CVS diff against current devel

Comment 2 Tomas Hoger 2009-10-28 10:58:28 UTC
-13 now in all current Fedora / EPEL versions.  Thank you!