[SECURITY] jasper: CVE-2014-8137, CVE-2014-8138

Yaakov Selkowitz yselkowitz@cygwin.com
Mon Jan 19 19:39:00 GMT 2015

On Mon, 2014-12-08 at 01:40 -0600, Yaakov Selkowitz wrote:
> Dr. Volker Zell,
> Could you please update jasper to 1.900.1-14 with the latest patchset 
> from Fedora:
> http://sourceforge.net/p/cygwin-ports/jasper/ci/master/tree/

Sorry, I had the wrong CVE in $SUBJECT.  The ones that have yet to be
fixed in our packages are CVE-2014-8137 and CVE-2014-8138.


More information about the Cygwin-apps mailing list