-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3785-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 09, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : jasper
CVE ID         : CVE-2016-1867 CVE-2016-8654 CVE-2016-8691 CVE-2016-8692 
                 CVE-2016-8693 CVE-2016-8882 CVE-2016-9560

Multiple vulnerabilities have been discovered in the JasPer library
for processing JPEG-2000 images, which may result in denial of service
or the execution of arbitrary code if a malformed image is processed.

For the stable distribution (jessie), these problems have been fixed in
version 1.900.1-debian1-2.4+deb8u2.

We recommend that you upgrade your jasper packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlic7P4ACgkQEMKTtsN8
TjarqA/7BWdhzNsbnEODUp3J2YMSh35RL0D7oFplRrLywsBBkTxX5Dn8g+ikAWfD
LQyjGOd/DkrqKnCt7Nf1QUHc2XmwAgV13P/j2WOqPdp3c2ogG5XQgcO7gssQo1CQ
wXZIB/HDoUS5u36slTkV6U0Flj7udW9gRmsy8OFjQcL1fHIZMcl5yReit/ex2bHU
NZhrpFhR7nzzEnW8rUNYx5pPRX+K4Z6aq60sU4Luv0HnLEsIUu3wYjcJOIZeBHQ1
Ka322VVX2hTHtUpxGbeV1Gw6QAOTc9teqsjhYbrdpOa8E9uOOM5uR/YjwuWe4Yud
yHqykgYQwVbFpmtbtsjoNKODGXnuqDtWrwUyGRMqFy5FrV9siCUZU0/SwM7wXED/
1JyS9VwvdTf1TNbGgE9AF9LeFYHB/gzFUAee06kWqqY5DpUTh1Q6mrhFxEQf0oK+
4f/oG8JEy8VTds9QcZZS3DTjeSn2pzW84z6AVe2YfOUqXPwSUhBI3uyfIhdc/yt6
RWxkdBPQRrzMpT36Sd3IIpdooF7cFdYIQapkvmzrkF7pO0Qxjy7Odizr0LwqjTw5
wAtq4HhND5LhULs6pr8PcrHOEXXOgurVB5wmiIafO95KWV7rQx8jf+3p2DkoIJZW
I7OItHvmH4hsJUCdZOwG0hawhIzM1fc5ub74g5s9N15L+u8zpro=
=q48k
-----END PGP SIGNATURE-----