From e224495ce1ce373cc43b49faa538116c9cac1466 Mon Sep 17 00:00:00 2001
From: Efraim Flashner <efraim@flashner.co.il>
Date: Tue, 8 Mar 2016 11:49:04 +0200
Subject: gnu: jasper: Add fixes for CVE-2016-1577, CVE-2016-2089,
 CVE-2016-2116.

* gnu/packages/patches/jasper-CVE-2016-1557.patch,
gnu/packages/patches/jasper-CVE-2016-2089.patch,
gnu/packages/patches/jasper-CVE-2016-2116.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/image.scm (jasper)[source]: Add patches.
---
 gnu/packages/patches/jasper-CVE-2016-2116.patch | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 gnu/packages/patches/jasper-CVE-2016-2116.patch

(limited to 'gnu/packages/patches/jasper-CVE-2016-2116.patch')

diff --git a/gnu/packages/patches/jasper-CVE-2016-2116.patch b/gnu/packages/patches/jasper-CVE-2016-2116.patch
new file mode 100644
index 0000000000..cdb616fb6a
--- /dev/null
+++ b/gnu/packages/patches/jasper-CVE-2016-2116.patch
@@ -0,0 +1,19 @@
+Description: CVE-2016-2116: Prevent jas_stream_t memory leak in jas_iccprof_createfrombuf()
+Origin: vendor, http://www.openwall.com/lists/oss-security/2016/03/03/12
+Bug-Debian: https://bugs.debian.org/816626
+Forwarded: not-needed
+Author: Tyler Hicks <tyhicks@canoonical.com>
+Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2016-03-05
+
+--- a/src/libjasper/base/jas_icc.c
++++ b/src/libjasper/base/jas_icc.c
+@@ -1693,6 +1693,8 @@ jas_iccprof_t *jas_iccprof_createfrombuf
+ 	jas_stream_close(in);
+ 	return prof;
+ error:
++	if (in)
++		jas_stream_close(in);
+ 	return 0;
+ }
+ 
-- 
cgit v1.2.3