jasper (1.900.1-3ubuntu0.8.04.1) hardy-security; urgency=low

  * SECURITY UPDATE: integer overflows via integer multiplication for
    memory allocation
    - src/libjasper/include/jasper/jas_malloc.h,
      src/libjasper/base/jas_malloc.c:
      * introduce new size-checked allocation functions
    - src/libjasper/base/jas_*.c,
      src/libjasper/bmp/bmp_dec.c,
      src/libjasper/jp2/jp2_*.c,
      src/libjasper/jpc/jpc_*.c,
      src/libjasper/mif/mif_cod.c:
      * use new size-checked allocation functions
    - CVE-2008-3520
  * SECURITY UPDATE: denial of service via temporary file name prediction
    - src/libjasper/base/jas_stream.c: use mkstemp()
    - CVE-2008-3521
  * SECURITY UPDATE: buffer overflow via vsprintf in jas_stream_printf()
    - src/libjasper/base/jas_stream.c: use vsnprintf()
    - CVE-2008-3522

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 18 Mar 2009 11:54:49 -0400

jasper (1.900.1-3) unstable; urgency=low

  * Fixed segfaults on broken images (Closes: #413041)

 -- Roland Stigge <stigge@antcom.de>  Tue, 10 Apr 2007 10:05:10 +0200

jasper (1.900.1-2) experimental; urgency=low

  * Added jas_tmr.h to -dev package (Closes: #414705)

 -- Roland Stigge <stigge@antcom.de>  Tue, 13 Mar 2007 14:23:58 +0100

jasper (1.900.1-1) experimental; urgency=low

  * New upstream release
  * debian/control:
    - Standards-Version: 3.7.2
    - Build-Depends: freeglut3-dev instead of libglut3-dev (Closes: #394496)
  * Renamed packages to libjasper1, libjasper-dev, libjasper-runtime according
    to upstream shared library naming change

 -- Roland Stigge <stigge@antcom.de>  Fri, 26 Jan 2007 14:22:18 +0100

jasper (1.701.0-2) unstable; urgency=low

  * Prevent compression of pdf documents in binary packages
  * Added man pages for the executables (Closes: #250077)
  * Again renamed binary packages to reflect Policy:
      - libjasper-1.701-1
      - libjasper-1.701-dev (Provides, Replaces and Conflicts: libjasper-dev)
      - libjasper-runtime

 -- Roland Stigge <stigge@antcom.de>  Sun, 20 Jun 2004 13:54:10 +0200

jasper (1.701.0-1) unstable; urgency=low

  * New maintainer (Closes: #217099)
  * New upstream release (Closes: #217570)
      - new DFSG-compliant license (Closes: #218999, #245075)
      - includes newer libtool related files (Closes: #210383)
  * debian/control:
      - Standards-Version: 3.6.1
      - Changed binary package names, fixed interdependencies (Closes: #211592)
          libjasper-1.700-2 => libjasper1
          libjasper-1.700-2-dev => libjasper-dev
          libjasper-progs => libjasper-runtime
        (new packages conflicting and replacing the old ones)
      - Added libxi-dev, libxmu-dev, libxt-dev to Build-Depends
        (Closes: #250481)

 -- Roland Stigge <stigge@antcom.de>  Sat, 19 Jun 2004 23:19:32 +0200

jasper (1.700.2-1) unstable; urgency=low

  * Initial Release.

 -- Christopher L Cheney <ccheney@debian.org>  Fri, 22 Aug 2003 01:30:00 -0500