Bugzilla – Bug 1202642
VUL-0: CVE-2022-2963: jasper: jasper: memory leaks in function cmdopts_parse
Last modified: 2022-10-20 13:22:34 UTC
A memory leak bug in jasper 3.0.6 in function cmdopts_parse.

https://github.com/jasper-software/jasper/issues/332
https://github.com/jasper-software/jasper/commit/d99636fad60629785efd1ef72da772a8ef68f54c

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2118587
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2963
Affected packages:
- SUSE:SLE-11:Update/jasper 1.900.14
- SUSE:SLE-12:Update/jasper 1.900.14
- SUSE:SLE-15:Update/jasper 2.0.14
- openSUSE:Factory/jasper 3.0.6

Upstream patch [0].

[0] https://github.com/jasper-software/jasper/commit/d99636fad60629785efd1ef72da772a8ef68f54c
(In reply to Gianluca Gabrielli from comment #1)
> Affected packages:
> - SUSE:SLE-11:Update/jasper 1.900.14
> - SUSE:SLE-12:Update/jasper 1.900.14
> - SUSE:SLE-15:Update/jasper 2.0.14
> - openSUSE:Factory/jasper 3.0.6
>
> Upstream patch [0].
>
> [0] https://github.com/jasper-software/jasper/commit/d99636fad60629785efd1ef72da772a8ef68f54c

Any news on this Fridrich? :)
(In reply to Thomas Leroy from comment #2)
> (In reply to Gianluca Gabrielli from comment #1)
> > Affected packages:
> > - SUSE:SLE-11:Update/jasper 1.900.14
> > - SUSE:SLE-12:Update/jasper 1.900.14
> > - SUSE:SLE-15:Update/jasper 2.0.14
> > - openSUSE:Factory/jasper 3.0.6
> >
> > Upstream patch [0].
> >
> > [0] https://github.com/jasper-software/jasper/commit/d99636fad60629785efd1ef72da772a8ef68f54c
>
> Any news on this Fridrich? :)

Seems I missed this bug when taking them over from Fridrich. I'll take a look.
Factory: SR#1004089
SLE11: SR#280115
SLE12: SR#280116
SLE15: SR#280118
This is an autogenerated message for OBS integration:
This bug (1202642) was mentioned in
https://build.opensuse.org/request/show/1004089 Factory / jasper
SUSE-SU-2022:3673-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1202642
CVE References: CVE-2022-2963
JIRA References:
Sources used:
- openSUSE Leap 15.4 (src): jasper-2.0.14-150000.3.28.1
- openSUSE Leap 15.3 (src): jasper-2.0.14-150000.3.28.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (src): jasper-2.0.14-150000.3.28.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src): jasper-2.0.14-150000.3.28.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): jasper-2.0.14-150000.3.28.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): jasper-2.0.14-150000.3.28.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:3672-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1202642
CVE References: CVE-2022-2963
JIRA References:
Sources used:
- SUSE Linux Enterprise Software Development Kit 12-SP5 (src): jasper-1.900.14-195.34.1
- SUSE Linux Enterprise Server 12-SP5 (src): jasper-1.900.14-195.34.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.