type: security
subject: Updated jasper packages fix security vulnerabilities
CVE:
 - CVE-2016-9398
 - CVE-2018-19542
 - CVE-2018-19539
src:
  6:
   core:
     - jasper-1.900.23-5.2.mga6
description: |
  Updated jasper packages fix security vulnerabilities:

  The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17
  allows remote attackers to cause a denial of service (assertion failure)
  via unspecified vectors (CVE-2016-9398).

  A denial of service in jp2_decode (CVE-2018-19542).

  A denial of service in jas_image_readcmpt (CVE-2018-19539).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24760
 - https://lists.opensuse.org/opensuse-updates/2019-05/msg00017.html