This is the mail archive of the cygwin-apps mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [SECURITY] jasper: CVE-2014-8137, CVE-2014-8138

From: Yaakov Selkowitz <yselkowitz at cygwin dot com>
To: cygwin-apps at cygwin dot com
Cc: "dr dot volker dot zell at oracle dot com" <dr dot volker dot zell at oracle dot com>
Date: Mon, 19 Jan 2015 13:39:01 -0600
Subject: Re: [SECURITY] jasper: CVE-2014-8137, CVE-2014-8138
Authentication-results: sourceware.org; auth=none
References: <548555E1 dot 1020300 at cygwin dot com>

On Mon, 2014-12-08 at 01:40 -0600, Yaakov Selkowitz wrote:
> Dr. Volker Zell,
> 
> Could you please update jasper to 1.900.1-14 with the latest patchset 
> from Fedora:
> 
> http://sourceforge.net/p/cygwin-ports/jasper/ci/master/tree/

Sorry, I had the wrong CVE in $SUBJECT.  The ones that have yet to be
fixed in our packages are CVE-2014-8137 and CVE-2014-8138.

Yaakov

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]