Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

openjpeg: security update to 2.3.0 #764

Closed
l2dy opened this issue Oct 5, 2017 · 3 comments
Closed

openjpeg: security update to 2.3.0 #764

l2dy opened this issue Oct 5, 2017 · 3 comments
Labels
security Topic/issue involves a security issue/fixed upgrade Topic/issue involves a package upgrade

Comments

@l2dy
Copy link
Member

l2dy commented Oct 5, 2017

See https://github.com/uclouvain/openjpeg/blob/v2.3.0/CHANGELOG.md.
At least CVE-2017-14152: uclouvain/openjpeg#985 (comment).
@l2dy l2dy added security Topic/issue involves a security issue/fixed upgrade Topic/issue involves a package upgrade labels Oct 5, 2017
MingcongBai added a commit that referenced this issue Oct 5, 2017
@MingcongBai
openjpeg: fix CVE-2017-14152.patch; fix #764
c0aa551
@MingcongBai
Copy link
Member

Fixed with c0aa551. Closing.

@l2dy
Copy link
Member Author

l2dy commented Oct 6, 2017

Use AOSA-2017-0122.

MingcongBai added a commit that referenced this issue Oct 27, 2017
@MingcongBai
openjpeg: fix CVE-2017-14152.patch; fix #764
bd9eb4f
@l2dy
Copy link
Member Author

l2dy commented Nov 1, 2017

I did say at least...

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4013-1                   [email protected]
https://www.debian.org/security/                       Moritz Muehlenhoff
October 31, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjpeg2
CVE ID         : CVE-2016-1628 CVE-2016-5152 CVE-2016-5157 CVE-2016-9118
                CVE-2016-10504 CVE-2017-14039 CVE-2017-14040
		 CVE-2017-14041 CVE-2017-14151 CVE-2017-14152

Multiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression /
decompression library, may result in denial of service or the execution
of arbitrary code if a malformed JPEG 2000 file is processed.

@l2dy l2dy mentioned this issue Nov 1, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security Topic/issue involves a security issue/fixed upgrade Topic/issue involves a package upgrade
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MingcongBai @l2dy