This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
Re: [SECURITY] jasper: CVE-2014-8137, CVE-2014-8138
- From: Yaakov Selkowitz <yselkowitz at cygwin dot com>
- To: cygwin-apps at cygwin dot com
- Cc: "dr dot volker dot zell at oracle dot com" <dr dot volker dot zell at oracle dot com>
- Date: Mon, 19 Jan 2015 13:39:01 -0600
- Subject: Re: [SECURITY] jasper: CVE-2014-8137, CVE-2014-8138
- Authentication-results: sourceware.org; auth=none
- References: <548555E1 dot 1020300 at cygwin dot com>
On Mon, 2014-12-08 at 01:40 -0600, Yaakov Selkowitz wrote:
> Dr. Volker Zell,
>
> Could you please update jasper to 1.900.1-14 with the latest patchset
> from Fedora:
>
> http://sourceforge.net/p/cygwin-ports/jasper/ci/master/tree/
Sorry, I had the wrong CVE in $SUBJECT. The ones that have yet to be
fixed in our packages are CVE-2014-8137 and CVE-2014-8138.
Yaakov