projects / buildroot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 09a71e6)
package/jasper: security bump version to 2.0.25
authorMichael Vetter <jubalh@iodoru.org>
Mon, 15 Feb 2021 10:45:28 +0000 (11:45 +0100)
committerPeter Korsgaard <peter@korsgaard.com>
Mon, 15 Feb 2021 21:34:43 +0000 (22:34 +0100)
Changes:

* Fix memory-related bugs in the JPEG-2000 codec resulting from
  attempting to decode invalid code streams. (#264, #265)
  This fix is associated with CVE-2021-26926 and CVE-2021-26927.
* Fix wrong return value under some compilers (#260)
* Fix CVE-2021-3272 heap buffer overflow in jp2_decode (#259)

Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/jasper/jasper.hash patch | blob | history
package/jasper/jasper.mk patch | blob | history

diff --git a/package/jasper/jasper.hash b/package/jasper/jasper.hash
index 7386c2179f7c71e890040490938ca16390312a8d..d4ed191f91251c7824cc7d34bfff64c9df4eeaeb 100644 (file)
--- a/package/jasper/jasper.hash
+++ b/package/jasper/jasper.hash
@@ -1,3 +1,3 @@
 # Locally calculated
-sha256  d2d28e115968d38499163cf8086179503668ce0d71b90dd33855b3de96a1ca1d  jasper-2.0.24.tar.gz
+sha256  f5bc48e2884bcabd2aca1737baff4ca962ec665b6eb673966ced1f7adea07edb  jasper-2.0.25.tar.gz
 sha256  4ad1bb42aff888c4403d792e6e2c5f1716d6c279fea70b296333c9d577d30b81  LICENSE
diff --git a/package/jasper/jasper.mk b/package/jasper/jasper.mk
index d8110082c931db185f9561c7e6907dd003ebc849..d487e8e2d6638d3e249cd52b035f81a434d39aa7 100644 (file)
--- a/package/jasper/jasper.mk
+++ b/package/jasper/jasper.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-JASPER_VERSION = 2.0.24
+JASPER_VERSION = 2.0.25
 JASPER_SITE = $(call github,jasper-software,jasper,version-$(JASPER_VERSION))
 JASPER_INSTALL_STAGING = YES
 JASPER_LICENSE = JasPer-2.0