This is the mail archive of the cygwin-apps mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Updated: {jasper/libjasper1/libjasper-devel}-1.900.22-1: JPEG-2000 codec library

On 05/05/2017 22:37, Yaakov Selkowitz wrote:
On 2017-03-24 14:02, Yaakov Selkowitz wrote:
On 2017-02-22 13:53, Yaakov Selkowitz wrote:
No, the details are in the .spec file.  In short, you want 1.900.13 plus
the jasper-1.900.1-CVE-2008-3520.patch and
jasper-1.900.13-CVE-2016-9583.patch patches.

There are now additionally jasper-1.900.13-CVE-2016-9262.patch and

Once that's uploaded, then let's proceed with an upgrade to 2.0.10,
which already has all the fixes along with the ABI version change.

That's 2.0.12 now.

Unfortunately, some of my packages ended up being built against the
later libjasper1, so it's too late to revert this cleanly.  Therefore, I
have left it alone, uploaded 2.0.12, and rebuilt all my dependent packages.

Marco, that leaves your gdal and GraphicsMagick as the only packages
still using libjasper1.

rebuilding GraphicsMagick.
Gdal should have a new release in short.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]