This has been found out [1] coming from a bug in libpng older than 1.6.19,
1.5.24, 1.4.17, 1.2.54 and
1.0.64 (CVE-2015-8126).
DS
[1]
https://sourceforge.net/p/png-mng/mailman/png-mng-implement/thread/CA%2BPdXcuhLXJ89s6qjOEcm%2B99eWLmPBFcYSwcwJkajkLrNRLTeQ%40mail.gmail.com/#msg34581085
--
Source: openjpeg2
Version: 2.1.2-1.1
Severity: wishlist
Currently, openjpeg2 is involved in build dependency cycles such as:
openjpeg2 Build-Depends on javahelper
javatools Build-Depends on default-jdk
default-jdk Depends on openjdk-8-jdk
openjdk-8 Build-Depends on libcups2-dev
cups
Processing commands for cont...@bugs.debian.org:
> #
> # bts-link upstream status pull for source package src:openjpeg2
> # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html
> #
> user bts-link-upstr...@lists.alioth.debian.org
Setting user to
#
# bts-link upstream status pull for source package src:openjpeg2
# see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html
#
user bts-link-upstr...@lists.alioth.debian.org
# remote status report for #844551 (http://bugs.debian.org/844551)
# Bug title: openjpeg2: CVE-2016-9112
#