This is the mail archive of the cygwin-apps mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Updated: {jasper/libjasper1/libjasper-devel}-1.900.22-1: JPEG-2000 codec library


On 2017-03-24 14:02, Yaakov Selkowitz wrote:
On 2017-02-22 13:53, Yaakov Selkowitz wrote:
No, the details are in the .spec file.  In short, you want 1.900.13 plus
the jasper-1.900.1-CVE-2008-3520.patch and
jasper-1.900.13-CVE-2016-9583.patch patches.

There are now additionally jasper-1.900.13-CVE-2016-9262.patch and
jasper-1.900.13-CVE-2016-8654.patch.

Once that's uploaded, then let's proceed with an upgrade to 2.0.10,
which already has all the fixes along with the ABI version change.

That's 2.0.12 now.

Unfortunately, some of my packages ended up being built against the later libjasper1, so it's too late to revert this cleanly. Therefore, I have left it alone, uploaded 2.0.12, and rebuilt all my dependent packages.

Marco, that leaves your gdal and GraphicsMagick as the only packages still using libjasper1.

--
Yaakov


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]