-rw-r--r-- | REUSE.toml | 1 | ||||
-rw-r--r-- | bugs/README.md | 6 | ||||
-rw-r--r-- | bugs/cve/2016/9387/jas_matrix.jp2 | bin | 0 -> 417 bytes | |||
-rw-r--r-- | loftix/bugs.scm | 13 |
4 files changed, 20 insertions, 0 deletions
diff --git a/REUSE.toml b/REUSE.toml index 635c4d4..5c6d23c 100644 --- a/REUSE.toml +++ b/REUSE.toml @@ -39,6 +39,7 @@ SPDX-License-Identifier = 'CC0-1.0' [[annotations]] path = [ 'bugs/cve/2016/8691/11.crash', 'bugs/cve/2016/9264/globaloverflow', + 'bugs/cve/2016/9387/jas_matrix.jp2', 'bugs/cve/2016/9557/signed-int-overflow.jp2', 'bugs/cve/2016/10092/heapoverflow.tiff', 'bugs/cve/2016/10093/heapoverflow.tiff', diff --git a/bugs/README.md b/bugs/README.md index 95fc232..97943fc 100644 --- a/bugs/README.md +++ b/bugs/README.md @@ -41,6 +41,11 @@ guix shell -e '(@@ (loftix bugs) jasper-1.900.3)' imginfo -f cve/2016/8691/11.crash +- CVE-2016-9387: [assertion failure][jasper-49] + + guix shell -e '(@@ (loftix bugs) jasper-1.900.5)' + imginfo -f cve/2016/9387/jas_matrix.jp2 + - CVE-2016-9557: [signed integer overflow][jasper-67] guix shell -e '(@@ (loftix bugs) jasper-1.900.19)' @@ -227,6 +232,7 @@ [chromium-42452152]: https://project-zero.issues.chromium.org/issues/42452152 [chromium-42452154]: https://project-zero.issues.chromium.org/issues/42452154 [jasper-22]: https://github.com/jasper-software/jasper/issues/22 +[jasper-49]: https://github.com/jasper-software/jasper/issues/49 [jasper-67]: https://github.com/jasper-software/jasper/issues/67 [libarchive-717]: https://github.com/libarchive/libarchive/issues/717 [libjpeg-turbo-258]: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258 diff --git a/bugs/cve/2016/9387/jas_matrix.jp2 b/bugs/cve/2016/9387/jas_matrix.jp2 new file mode 100644 index 0000000..2bdadb2 --- /dev/null +++ b/bugs/cve/2016/9387/jas_matrix.jp2 Binary files differdiff --git a/loftix/bugs.scm b/loftix/bugs.scm index 213cf3a..12239e2 100644 --- a/loftix/bugs.scm +++ b/loftix/bugs.scm 
@@ -110,6 +110,19 @@ (build-system gnu-build-system) (inputs (list ijg-libjpeg)))) +(define-public jasper-1.900.5 + (package + (inherit jasper-1.900.19) + (name "jasper") + (version "1.900.5") + (source (origin + (method url-fetch) + (uri (string-append "https://www.ece.uvic.ca/~frodo/jasper" + "/software/jasper-" version ".tar.gz")) + (sha256 + (base32 + "1fvy4ngc6064g128q4484qpinsn05y9qw6lrccc4czhalla2w26m")))))) + (define-public jasper-1.900.3 (package (inherit jasper-1.900.19) |
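Review bot: The new `jasper-1.900.5` definition has no comment saying it is a deliberately vulnerable build kept to reproduce CVE-2016-9387, and it keeps the ordinary package name `"jasper"`, so nothing in the definition distinguishes it from a package meant for real use. A one-line comment above `(define-public jasper-1.900.5` would make that explicit, e.g. `;; Intentionally vulnerable JasPer, kept only to reproduce CVE-2016-9387 (bugs/cve/2016/9387/jas_matrix.jp2).` If the parent `jasper-1.900.19` is not already hidden from package lookups (not visible in this hunk), adding `(properties '((hidden? . #t)))` would keep this version out of by-name `guix search` and `guix install` results while the README's `guix shell -e` invocation keeps working. The `sha256` pin on the tarball is what protects the fetch from the upstream host, so it should stay as it is. The trailing `jasper-1.900.3` definition continues outside the hunk.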