Bug 202697 - [PATCH] graphics/jasper: Double free corruption in JasPer JPEG-2000 implementation (CVE-2015-5203)
Summary: [PATCH] graphics/jasper: Double free corruption in JasPer JPEG-2000 implement...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Dirk Meyer
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2015-08-27 17:11 UTC by wxl
Modified: 2015-08-29 06:21 UTC (History)
0 users

See Also:
dinoex: maintainer-feedback-


Attachments
patch for CVE-2015-5203 (6.51 KB, patch)
2015-08-27 17:11 UTC, wxl
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description wxl 2015-08-27 17:11:55 UTC
Created attachment 160418 [details]
patch for CVE-2015-5203

We have had a VuXML entry for over a week with no solution:
http://vuxml.freebsd.org/freebsd/f1692469-45ce-11e5-adde-14dae9d210b8.html

There is now a patch available for ½ of the described problem, so I submit it here with hopes of expediting the process of getting it fixed.
Comment 1 Dirk Meyer freebsd_committer freebsd_triage 2015-08-29 06:12:20 UTC
Thanks for the patch, it will be commited shortly
Comment 2 commit-hook freebsd_committer freebsd_triage 2015-08-29 06:20:01 UTC
A commit references this bug:

Author: dinoex
Date: Sat Aug 29 06:19:55 UTC 2015
New revision: 395527
URL: https://svnweb.freebsd.org/changeset/ports/395527

Log:
  - Security patch for CVE-2015-5203
  PR:		202697
  Submitted by:	wxl@bikefriday.com
  Reviewed y:
  Security:	CVE-2015-5203

Changes:
  head/graphics/jasper/Makefile
  head/graphics/jasper/files/patch-jas_stream.c
  head/graphics/jasper/files/patch-jas_stream.h
  head/graphics/jasper/files/patch-jas_types.h
  head/graphics/jasper/files/patch-jpc_qmfb.c
  head/graphics/jasper/files/patch-mif_cod.c