openSUSE has issued an advisory on October 7:
https://lists.opensuse.org/opensuse-updates/2019-10/msg00050.html

The fixes are probably in 2.0.16 upstream (in Cauldron).
Done for both Cauldron and mga7!
Advisory:
========================

Updated jasper packages fix security vulnerabilities:

Heap based overflow in jas_icctxtdesc_input (CVE-2018-19540).

Heap based overread in jas_image_depalettize (CVE-2018-19541).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19540
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19541
https://lists.opensuse.org/opensuse-updates/2019-10/msg00050.html
========================

Updated packages in core/updates_testing:
========================
jasper-2.0.14-4.1.mga7
libjasper4-2.0.14-4.1.mga7
libjasper-devel-2.0.14-4.1.mga7

from jasper-2.0.14-4.1.mga7.src.rpm
CC: (none) => geiger.david68210
Assignee: geiger.david68210 => qa-bugs
MGA7-64 Plasma on Lenovo B50
No installation issues
Ref bug 24760 Comment 4 and 6
starting with a jpg file which is the result of a conversion in Gimp from a tiff picture.
$ imginfo -f riet0022-4.jpg
jpg 1 2013 1809 8 3641517
$ jasper --input riet0022-4.jpg --output-format jp2 --output riet0022-4.jp2
result displays OK in Gimp
$ imginfo -f riet0022-4.jp2
jp2 1 2013 1809 8 3641517
$ jasper -f riet0022-4.jp2 -F riet.bmp -T bmp
result displays OK in gwenview
$ display riet.bmp
display: length and filesize do not match `riet.bmp' @ warning/bmp.c/ReadBMPImage/834.
display is also OK
$ imginfo -f riet.bmp
THE BMP FORMAT IS NOT FULLY SUPPORTED!
THAT IS, THE JASPER SOFTWARE CANNOT DECODE ALL TYPES OF BMP DATA.
IF YOU HAVE ANY PROBLEMS, PLEASE TRY CONVERTING YOUR IMAGE DATA
TO THE PNM FORMAT, AND USING THIS FORMAT INSTEAD.
bmp 1 2013 1809 8 3641517
$ convert riet.bmp riet.ppm
convert: length and filesize do not match `riet.bmp' @ warning/bmp.c/ReadBMPImage/834.
ppm file displays OK in gwenview
Good to go
Whiteboard: (none) => MGA7-64-OK
CC: (none) => herman.viaene
Validating. Advisory in Comment 2.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Advisory uploaded.
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2019-0381.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED