main/jasper: various security fixes

ref #3814 CVE-2014-8137.patch CVE-2014-8138.patch CVE-2014-8157.patch CVE-2014-8158.patch
author: Natanael Copa <ncopa@alpinelinux.org> 2015-09-21 11:07:13 +0200
committer: Natanael Copa <ncopa@alpinelinux.org> 2015-09-21 11:08:50 +0200
commit: 5cf21c2970ede23199084dd6a552640c4fe708f6 (patch)
tree: 89d91a10d34e32c87999df1b31bed4ebfcd99ef4 /main/jasper/CVE-2014-8157.patch
parent: 4038b6160e7fb654fac60418fa095e966656796b (diff)
download: aports-5cf21c2970ede23199084dd6a552640c4fe708f6.tar.bz2
aports-5cf21c2970ede23199084dd6a552640c4fe708f6.tar.xz
1 files changed, 12 insertions, 0 deletions
diff --git a/main/jasper/CVE-2014-8157.patch b/main/jasper/CVE-2014-8157.patch
new file mode 100644
index 0000000000..ebfc1b2d0f
--- /dev/null
+++ b/main/jasper/CVE-2014-8157.patch
@@ -0,0 +1,12 @@
+diff -up jasper-1.900.1/src/libjasper/jpc/jpc_dec.c.CVE-2014-8157 jasper-1.900.1/src/libjasper/jpc/jpc_dec.c
+--- jasper-1.900.1/src/libjasper/jpc/jpc_dec.c.CVE-2014-8157	2015-01-19 16:59:36.000000000 +0100
++++ jasper-1.900.1/src/libjasper/jpc/jpc_dec.c	2015-01-19 17:07:41.609863268 +0100
+@@ -489,7 +489,7 @@ static int jpc_dec_process_sot(jpc_dec_t
+ 		dec->curtileendoff = 0;
+ 	}
+ 
+-	if (JAS_CAST(int, sot->tileno) > dec->numtiles) {
++	if (JAS_CAST(int, sot->tileno) >= dec->numtiles) {
+ 		jas_eprintf("invalid tile number in SOT marker segment\n");
+ 		return -1;
+ 	}
author	Natanael Copa <ncopa@alpinelinux.org>	2015-09-21 11:07:13 +0200
committer	Natanael Copa <ncopa@alpinelinux.org>	2015-09-21 11:08:50 +0200
commit	5cf21c2970ede23199084dd6a552640c4fe708f6 (patch)
tree	89d91a10d34e32c87999df1b31bed4ebfcd99ef4 /main/jasper/CVE-2014-8157.patch
parent	4038b6160e7fb654fac60418fa095e966656796b (diff)
download	aports-5cf21c2970ede23199084dd6a552640c4fe708f6.tar.bz2 aports-5cf21c2970ede23199084dd6a552640c4fe708f6.tar.xz