Your message dated Mon, 11 Jul 2016 07:48:35 +0000
with message-id <e1bmvxd-0000af...@franck.debian.org>
and subject line Bug#800453: fixed in openjpeg2 2.1.1-1
has caused the Debian Bug report #800453,
regarding CVE-2015-6581: Double free vulnerability in 
opj_j2k_copy_default_tcp_and_create_tcd
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
800453: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800453
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: openjpeg2
Severity: important
Tags: security patch
Version: 2.1.0-2

Hi,

the following vulnerability was published for openjpeg2.

CVE-2015-6581[0]:
| Double free vulnerability in the
| opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG
| before r3002, as used in PDFium in Google Chrome before 45.0.2454.85,
| allows remote attackers to execute arbitrary code or cause a denial of
| service (heap memory corruption) by triggering a memory-allocation
| failure.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-6581
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6581

jessie is affected as 

The upstream fix is here:
https://github.com/uclouvain/openjpeg/commit/0fa5a17c98c4b8f9ee2286f4f0a50cf52a5fccb0

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

--- End Message ---
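The CVE text quoted in the report above says the double free is reached by triggering a memory-allocation failure. The following is an added illustration, not OpenJPEG code and not part of the bug report, of one common way an allocation failure leads to a double free: a structure is initialised by copying defaults, a later allocation fails, and teardown frees the same buffer through both structures. All names (`params_t`, `params_copy`, `run_scenario`) are hypothetical, and a fixed pool stands in for the heap.

```c
#include <stdio.h>
#include <string.h>
/* Constructed model, not OpenJPEG code. A fixed pool stands in for the heap so a
   second free of the same block is counted instead of corrupting memory. */
#define SLOTS 4
static float pool[SLOTS][4];
static int in_use[SLOTS], fail_next, double_frees;

static float *t_alloc(void) {
    if (fail_next) { fail_next = 0; return NULL; }   /* injected failure */
    for (int i = 0; i < SLOTS; i++)
        if (!in_use[i]) { in_use[i] = 1; return pool[i]; }
    return NULL;
}

static void t_free(float *p) {
    if (!p) return;
    int i = (int)((float (*)[4])p - pool);
    if (in_use[i]) in_use[i] = 0; else double_frees++;   /* already released */
}
typedef struct { int n; float *matrix; } params_t;   /* hypothetical tile parameters */
static void params_destroy(params_t *p) { t_free(p->matrix); p->matrix = NULL; }
/* Initialise a tile from the defaults, then give it its own matrix. */
static int params_copy(params_t *dst, const params_t *def, int hardened) {
    memcpy(dst, def, sizeof *dst);       /* dst->matrix now aliases def->matrix */
    if (hardened) dst->matrix = NULL;    /* drop the pointer dst does not own */
    float *m = t_alloc();
    if (!m) return 0;                    /* early return on allocation failure */
    memcpy(m, def->matrix, sizeof pool[0]);
    dst->matrix = m;
    return 1;
}

/* Copy, then tear everything down; returns the double frees the teardown hit. */
int run_scenario(int hardened, int inject_failure) {
    params_t def = {4, NULL}, tile = {0, NULL};
    memset(in_use, 0, sizeof in_use); double_frees = 0;
    def.matrix = t_alloc();
    fail_next = inject_failure;
    params_copy(&tile, &def, hardened);
    params_destroy(&tile);               /* cleanup frees every structure ... */
    params_destroy(&def);                /* ... including the shared defaults */
    return double_frees;
}

int main(void) {
    printf("unpatched=%d hardened=%d\n", run_scenario(0, 1), run_scenario(1, 1));
    return 0;
}
```

Without an injected failure both variants tear down cleanly, which is why this class of bug tends to surface only under memory pressure or fault-injection testing.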
--- Begin Message ---
Source: openjpeg2
Source-Version: 2.1.1-1

We believe that the bug you reported is fixed in the latest version of
openjpeg2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 800...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mathieu Malaterre <ma...@debian.org> (supplier of updated openjpeg2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 11 Jul 2016 09:28:19 +0200
Source: openjpeg2
Binary: libopenjp2-7-dev libopenjp2-7 libopenjpip7 libopenjp3d7 libopenjp2-7-dbg libopenjpip-dec-server libopenjpip-viewer libopenjpip-server libopenjp3d-tools libopenjp2-tools
Architecture: source
Version: 2.1.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>
Changed-By: Mathieu Malaterre <ma...@debian.org>
Description:
 libopenjp2-7 - JPEG 2000 image compression/decompression library
 libopenjp2-7-dbg - debug symbols for libopenjp2-7, a JPEG 2000 image library
 libopenjp2-7-dev - development files for OpenJPEG, a JPEG 2000 image library
 libopenjp2-tools - command-line tools using the JPEG 2000 library
 libopenjp3d-tools - command-line tools using the JPEG 2000 - 3D library
 libopenjp3d7 - JP3D (JPEG 2000 / Part 10) image compression/decompression librar
 libopenjpip-dec-server - tool to allow caching of JPEG 2000 files using JPIP protocol
 libopenjpip-server - JPIP server for JPEG 2000 files
 libopenjpip-viewer - JPEG 2000 java based viewer for advanced remote JPIP access
 libopenjpip7 - JPEG 2000 Interactive Protocol
Closes: 772889 784377 787383 800149 800453 818399 820190 822577 829734
Changes:
 openjpeg2 (2.1.1-1) unstable; urgency=medium
 .
   * New upstream. Closes: #829734
     + d/watch points toward github now
     + Fix man page typos. Closes: #772889, #784377
     + Raise priority to optional. Closes: #822577
     + Fix multiple CVEs: Closes: #800453, #800149, #818399
   * Fix pc file. Closes: #787383
   * Remove reference to contrib. Closes: #820190
   * Bump Std-Vers to 3.9.8, no changes needed

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
_______________________________________________
Pkg-phototools-devel mailing list
Pkg-phototools-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
