From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: [v2 0/1] Jasper security fixes Date: Thu, 4 Feb 2016 03:12:25 -0500 Message-ID: Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:55849) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aRF1o-0001gp-L0 for guix-devel@gnu.org; Thu, 04 Feb 2016 03:12:37 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aRF1l-0002NE-ET for guix-devel@gnu.org; Thu, 04 Feb 2016 03:12:36 -0500 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:45827) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aRF1l-0002N8-BP for guix-devel@gnu.org; Thu, 04 Feb 2016 03:12:33 -0500 Received: from jasmine.lan (c-69-249-5-231.hsd1.pa.comcast.net [69.249.5.231]) by mail.messagingengine.com (Postfix) with ESMTPA id 07153C00014 for ; Thu, 4 Feb 2016 03:12:31 -0500 (EST) List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: guix-devel@gnu.org This is the same code as before with minor changes: 1. I realized that the jasper-stepsizes-overflow.patch was btter named jasper-CVE-2007-2721.patch and renamed it. 2. A whitespace fix. 3. I added my name in the copyright stanza. If there are no comments I'll push today, or someone else may push. Leo Famulari (1): gnu: jasper: Add fixes for several security flaws. gnu-system.am | 9 + gnu/packages/image.scm | 14 +- gnu/packages/patches/jasper-CVE-2007-2721.patch | 20 + gnu/packages/patches/jasper-CVE-2008-3520.patch | 931 +++++++++++++++++++++ .../jasper-CVE-2011-4516-and-CVE-2011-4517.patch | 31 + gnu/packages/patches/jasper-CVE-2014-8137.patch | 64 ++ gnu/packages/patches/jasper-CVE-2014-8138.patch | 21 + gnu/packages/patches/jasper-CVE-2014-8157.patch | 19 + gnu/packages/patches/jasper-CVE-2014-8158.patch | 336 ++++++++ gnu/packages/patches/jasper-CVE-2014-9029.patch | 36 + gnu/packages/patches/jasper-CVE-2016-1867.patch | 18 + 11 files changed, 1498 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/jasper-CVE-2007-2721.patch create mode 100644 gnu/packages/patches/jasper-CVE-2008-3520.patch create mode 100644 gnu/packages/patches/jasper-CVE-2011-4516-and-CVE-2011-4517.patch create mode 100644 gnu/packages/patches/jasper-CVE-2014-8137.patch create mode 100644 gnu/packages/patches/jasper-CVE-2014-8138.patch create mode 100644 gnu/packages/patches/jasper-CVE-2014-8157.patch create mode 100644 gnu/packages/patches/jasper-CVE-2014-8158.patch create mode 100644 gnu/packages/patches/jasper-CVE-2014-9029.patch create mode 100644 gnu/packages/patches/jasper-CVE-2016-1867.patch -- 2.6.3