diff options
| author | Nguyễn Gia Phong <cnx@loang.net> | 2025-03-31 00:08:03 +0900 |
|---|---|---|
| committer | Nguyễn Gia Phong <cnx@loang.net> | 2025-03-31 00:08:03 +0900 |
| commit | f5d0b18d5b6a1a3228293ffa12a9a75d88c1c1c4 (patch) | |
| tree | a9fb538814a335aea72ef7cda3bc55dadfb0f912 | |
| parent | 37acf70dab8b35140222fad9e19d0729986a476a (diff) | |
| download | loftix-f5d0b18d5b6a1a3228293ffa12a9a75d88c1c1c4.tar.gz | |
Add JasPer 1.900.5 for CVE-2016-9387
| -rw-r--r-- | REUSE.toml | 1 | ||||
| -rw-r--r-- | bugs/README.md | 6 | ||||
| -rw-r--r-- | bugs/cve/2016/9387/jas_matrix.jp2 | bin | 0 -> 417 bytes | |||
| -rw-r--r-- | loftix/bugs.scm | 13 |
4 files changed, 20 insertions, 0 deletions
diff --git a/REUSE.toml b/REUSE.toml index 635c4d4..5c6d23c 100644 --- a/REUSE.toml +++ b/REUSE.toml @@ -39,6 +39,7 @@ SPDX-License-Identifier = 'CC0-1.0' [[annotations]] path = [ 'bugs/cve/2016/8691/11.crash', 'bugs/cve/2016/9264/globaloverflow', + 'bugs/cve/2016/9387/jas_matrix.jp2', 'bugs/cve/2016/9557/signed-int-overflow.jp2', 'bugs/cve/2016/10092/heapoverflow.tiff', 'bugs/cve/2016/10093/heapoverflow.tiff', diff --git a/bugs/README.md b/bugs/README.md index 95fc232..97943fc 100644 --- a/bugs/README.md +++ b/bugs/README.md @@ -41,6 +41,11 @@ guix shell -e '(@@ (loftix bugs) jasper-1.900.3)' imginfo -f cve/2016/8691/11.crash +- CVE-2016-9387: [assertion failure][jasper-49] + + guix shell -e '(@@ (loftix bugs) jasper-1.900.5)' + imginfo -f cve/2016/9387/jas_matrix.jp2 + - CVE-2016-9557: [signed integer overflow][jasper-67] guix shell -e '(@@ (loftix bugs) jasper-1.900.19)' @@ -227,6 +232,7 @@ [chromium-42452152]: https://project-zero.issues.chromium.org/issues/42452152 [chromium-42452154]: https://project-zero.issues.chromium.org/issues/42452154 [jasper-22]: https://github.com/jasper-software/jasper/issues/22 +[jasper-49]: https://github.com/jasper-software/jasper/issues/49 [jasper-67]: https://github.com/jasper-software/jasper/issues/67 [libarchive-717]: https://github.com/libarchive/libarchive/issues/717 [libjpeg-turbo-258]: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258 diff --git a/bugs/cve/2016/9387/jas_matrix.jp2 b/bugs/cve/2016/9387/jas_matrix.jp2 new file mode 100644 index 0000000..2bdadb2 --- /dev/null +++ b/bugs/cve/2016/9387/jas_matrix.jp2 Binary files differdiff --git a/loftix/bugs.scm b/loftix/bugs.scm index 213cf3a..12239e2 100644 --- a/loftix/bugs.scm +++ b/loftix/bugs.scm @@ -110,6 +110,19 @@ (build-system gnu-build-system) (inputs (list ijg-libjpeg)))) +(define-public jasper-1.900.5 + (package + (inherit jasper-1.900.19) + (name "jasper") + (version "1.900.5") + (source (origin + (method url-fetch) + (uri (string-append "https://www.ece.uvic.ca/~frodo/jasper" + "/software/jasper-" version ".tar.gz")) + (sha256 + (base32 + "1fvy4ngc6064g128q4484qpinsn05y9qw6lrccc4czhalla2w26m")))))) + (define-public jasper-1.900.3 (package (inherit jasper-1.900.19) |