It was discovered that the JasPer JPEG-2000 runtime library allowed an attacker to create a crafted input file that could lead to denial of service and heap corruption. Besides addressing this vulnerability, this updates also addresses a regression introduced in the security fix for CVE-2008-3521, applied before Debian Lenny"s release, that could cause errors when reading some JPEG input files. For the stable distribution , this problem has been fixed in version 1.900.1-5.1+lenny1. For the unstable distribution , this problem has been fixed in version 1.900.1-6. We recommend that you upgrade your jasper package.