diff options
| author | Nguyễn Gia Phong <cnx@loang.net> | 2025-02-19 11:28:00 +0900 |
|---|---|---|
| committer | Nguyễn Gia Phong <cnx@loang.net> | 2025-02-19 15:45:41 +0900 |
| commit | 2bc2903833f96d91d5d88c563499d1b49867dd1e (patch) | |
| tree | 10c39e0b9ee4d4170069745ebad0b49cedef2fd1 | |
| parent | 9a8e6fc11870324ac12bb4653439dae41230ce69 (diff) | |
| download | loftix-2bc2903833f96d91d5d88c563499d1b49867dd1e.tar.gz | |
Add JasPer 1.900.3 for CVE-2016-8691
| -rw-r--r-- | REUSE.toml | 5 | ||||
| -rw-r--r-- | bugs/README.md | 6 | ||||
| -rw-r--r-- | bugs/cve/2016/8691/11.crash | bin | 0 -> 55 bytes | |||
| -rw-r--r-- | loftix/bugs.scm | 14 |
4 files changed, 25 insertions, 0 deletions
@@ -14,6 +14,11 @@ path = 'bugs/cve/2013/7437/2.bmp' SPDX-FileCopyrightText = '2013 Stefan Cornelius' [[annotations]] +path = 'bugs/cve/2016/8691/11.crash' +SPDX-FileCopyrightText = '2016 Agostino Sarubbo' +SPDX-License-Identifier = 'CC0-1.0' + +[[annotations]] path = 'bugs/cve/2016/9557/signed-int-overflow.jp2' SPDX-FileCopyrightText = '2016 Agostino Sarubbo' SPDX-License-Identifier = 'CC0-1.0' diff --git a/bugs/README.md b/bugs/README.md index 4827049..6ae8618 100644 --- a/bugs/README.md +++ b/bugs/README.md @@ -31,6 +31,11 @@ ## JasPer +- CVE-2016-8691: [divide-by-zero][jasper-22] + + guix shell jasper@1.900.3 + imginfo -f cve/2016/8691/11.crash + - CVE-2016-9557: [signed integer overflow][jasper-67] guix shell jasper@1.900.19 @@ -61,6 +66,7 @@ potrace cve/2013/7437/1.bmp potrace cve/2013/7437/2.bmp +[jasper-22]: https://github.com/jasper-software/jasper/issues/22 [jasper-67]: https://github.com/jasper-software/jasper/issues/67 [mozjpeg-268]: https://github.com/mozilla/mozjpeg/issues/268 [oss-sec-20161105-3]: https://www.openwall.com/lists/oss-security/2016/11/05/3 diff --git a/bugs/cve/2016/8691/11.crash b/bugs/cve/2016/8691/11.crash Binary files differnew file mode 100644 index 0000000..9397b77 --- /dev/null +++ b/bugs/cve/2016/8691/11.crash diff --git a/loftix/bugs.scm b/loftix/bugs.scm index 53b7383..09ed206 100644 --- a/loftix/bugs.scm +++ b/loftix/bugs.scm @@ -76,6 +76,20 @@ (build-system gnu-build-system) (inputs (list ijg-libjpeg)))) +(define-public jasper-1.900.3 + (package + (inherit jasper-1.900.19) + (name "jasper") + (version "1.900.3") + (source (origin + (method url-fetch) + (uri (string-append "https://www.ece.uvic.ca/~frodo/jasper" + "/software/jasper-" version ".tar.gz")) + (sha256 + (base32 + "106xwiyn40k5yrnny198mzscvyd18rza9clhd2nl6xvcsz73swrn")))) + (arguments '(#:make-flags '("LDFLAGS=-static"))))) + (define-public libjpeg-turbo-1.5.2 (package (inherit libjpeg-turbo) |