An advisory has been issued today (December 18):
Patched packages uploaded for Mageia 4 and Cauldron.
Updated jasper packages fix security vulnerabilities:
A double free flaw was found in the way JasPer parsed ICC color profiles in
JPEG 2000 image files. A specially crafted file could cause an application
using JasPer to crash or, possibly, execute arbitrary code (CVE-2014-8137).
A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG
2000 image files. A specially crafted file could cause an application using
JasPer to crash or, possibly, execute arbitrary code (CVE-2014-8138).
Updated packages in core/updates_testing:
Steps to Reproduce:
MGA4-64 on HP-Probook 6555b
No problems installing jasper.
As in Comment 1, I can open and edit a jpg file.
has_procedure MGA4-64 OK
MGA4-32 on Acer D620
Works OK, same test as Comment 1
has_procedure MGA4-64 OK =>
has_procedure MGA4-32-OK MGA4-64-OK
Validating. Advisory uploaded.
Could sysadmin please push to 4 updates
has_procedure MGA4-32-OK MGA4-64-OK =>
has_procedure advisory MGA4-32-OK MGA4-64-OKCC:
An update for this issue has been pushed to Mageia Updates repository.