This update for jasper fixes the following issues: - CVE-2016-9398: Improved patch for already fixed issue . - CVE-2016-9399: Fix assert in calcstepsizes . - CVE-2017-5499: Validate component depth bit . - CVE-2017-5503: Check bounds in jas_seq2d_bindsub . - CVE-2017-5504: Check bounds in jas_seq2d_bindsub . - CVE-2017-5505: Check bounds in jas_seq2d_bindsub . - CVE-2017-14132: Fix heap base overflow in by checking components . - CVE-2018-9252: Fix reachable assertion in jpc_abstorelstepsize . - CVE-2018-18873: Fix null pointer deref in ras_putdatastd . - CVE-2018-19139: Fix mem leaks by registering jpc_unk_destroyparms . - CVE-2018-19543, bsc#1045450 CVE-2017-9782: Fix numchans mixup . - CVE-2018-20570: Fix heap based buffer over-read in jp2_encode . - CVE-2018-20622: Fix memory leak in jas_malloc.c .