MGASA-2020-0463 - Updated jasper packages fix security vulnerability

Publication date: 17 Dec 2020
URL: https://advisories.mageia.org/MGASA-2020-0463.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-27828

There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted
input provided to jasper by an attacker could cause an arbitrary out-of-bounds
write. This could potentially affect data confidentiality, integrity, or
application availability (CVE-2020-27828).

References:
- https://bugs.mageia.org/show_bug.cgi?id=27842
- https://github.com/jasper-software/jasper/releases/tag/version-2.0.23
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27828

SRPMS:
- 7/core/jasper-2.0.23-1.mga7