This update for jasper fixes the following issues: - CVE-2016-9398: Improved patch for already fixed issue . - CVE-2016-9399: Fix assert in calcstepsizes . - CVE-2016-9397: Fix assert in jpc_dequantize . - CVE-2016-9557: Fix signed integer overflow . - CVE-2017-5499: Validate component depth bit . - CVE-2017-5503: Check bounds in jas_seq2d_bindsub . - CVE-2017-5504: Check bounds in jas_seq2d_bindsub . - CVE-2017-5505: Check bounds in jas_seq2d_bindsub . - CVE-2017-14132: Fix heap base overflow in by checking components . - CVE-2018-9154: Fixed a potential denial of service in jpc_dec_process_sot . - CVE-2018-9252: Fix reachable assertion in jpc_abstorelstepsize . - CVE-2018-18873: Fix null pointer deref in ras_putdatastd . - CVE-2018-19139: Fix mem leaks by registering jpc_unk_destroyparms . - CVE-2018-19543, bsc#1045450 CVE-2017-9782: Fix numchans mixup . - CVE-2018-20570: Fix heap based buffer over-read in jp2_encode . - CVE-2018-20622: Fix memory leak in jas_malloc.c .