MGASA-2020-0463 - Updated jasper packages fix security vulnerability

Publication date: 17 Dec 2020
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-27828

There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted
input provided to jasper by an attacker could cause an arbitrary out-of-bounds
write. This could potentially affect data confidentiality, integrity, or
application availability (CVE-2020-27828).


- 7/core/jasper-2.0.23-1.mga7