security flaws in jasper (CVE-2015-5203, CVE-2015-5221)

Curtis Villamizar curtis at
Thu Aug 27 16:32:58 UTC 2015

Michael, Maxim,

Any chance of fixing these two bugs?

A fix for CVE-2015-5203 was proposed.  See

Diffs are at
though I don't know if these diffs fix anything.

The second bug is described at
where a few means of fixing the bug are described but no diffs given.

There is some brief information at
which is where I ran into this.

Both firefox and chromium use the graphics/gdk-pixbuf2 port which
usually includes jasper, but can be configured out.  Netpbm also uses
jasper which affects a few other ports and can't be configured out.
Other ports are likely to be affected.  I just looked at ports I
regularly build and use.


More information about the freebsd-ports mailing list