Accepted:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Mon, 16 Oct 2017 12:17:27 -0200
Source: libgphoto2
Binary: libgphoto2-dev libgphoto2-dev-doc libgphoto2-port12 libgphoto2-6
libgphoto2-l10n
Architecture: source
Version: 2.5.16-1
Distribution: unstable
Urgency: medium
Control: severity -1 important
While I understand the this generic heap based buffer overflow ought
to be fixed in Debian stable, I fail to see why it is marked as
affecting stretch.
Here is what I see:
$ bin/opj_compress -r 20,10,1 -jpip -EPH -SOP -cinema2K 24 -n 1 -i
Processing control commands:
> severity -1 important
Bug #874118 {Done: Salvatore Bonaccorso } [src:openjpeg2]
openjpeg2: CVE-2017-14039: Heap-based buffer overflow in opj_t2_encode_packet
function in lib/openjp2/t2.c
Ignoring request to change severity of Bug 874118 to the
libgphoto2_2.5.16-1_amd64.changes uploaded successfully to localhost
along with the files:
libgphoto2_2.5.16-1.dsc
libgphoto2_2.5.16.orig.tar.bz2
libgphoto2_2.5.16-1.debian.tar.xz
libgphoto2_2.5.16-1_amd64.buildinfo
Greetings,
Your Debian queue daemon (running on host
Processing commands for cont...@bugs.debian.org:
> close 874117 2.3.0-1
Bug #874117 [src:openjpeg2] openjpeg2: CVE-2017-14040: invalid memory write in
tgatoimage
Marked as fixed in versions openjpeg2/2.3.0-1.
Bug #874117 [src:openjpeg2] openjpeg2: CVE-2017-14040: invalid memory write in
Processing commands for cont...@bugs.debian.org:
> close 874118 2.3.0-1
Bug #874118 [src:openjpeg2] openjpeg2: CVE-2017-14039: Heap-based buffer
overflow in opj_t2_encode_packet function in lib/openjp2/t2.c
Marked as fixed in versions openjpeg2/2.3.0-1.
Bug #874118 [src:openjpeg2] openjpeg2:
Your message dated Mon, 16 Oct 2017 09:08:02 +
with message-id
and subject line Bug#877676: fixed in openjpeg2 2.3.0-1
has caused the Debian Bug report #877676,
regarding Drop -dbg package
to be marked as done.
This means that you claim that the problem
Your message dated Mon, 16 Oct 2017 09:08:02 +
with message-id
and subject line Bug#877758: fixed in openjpeg2 2.3.0-1
has caused the Debian Bug report #877758,
regarding OpenJPEG 2.3.0 is out !
to be marked as done.
This means that you claim that the
Your message dated Mon, 16 Oct 2017 09:08:02 +
with message-id
and subject line Bug#874430: fixed in openjpeg2 2.3.0-1
has caused the Debian Bug report #874430,
regarding openjpeg2: CVE-2017-14151: heap-based buffer overflow in opj_mqc_flush
to be marked
Your message dated Mon, 16 Oct 2017 09:08:02 +
with message-id
and subject line Bug#874431: fixed in openjpeg2 2.3.0-1
has caused the Debian Bug report #874431,
regarding openjpeg2: CVE-2017-14152: heap-based buffer overflow in
opj_write_bytes_LE
to be
Your message dated Mon, 16 Oct 2017 09:08:02 +
with message-id
and subject line Bug#874115: fixed in openjpeg2 2.3.0-1
has caused the Debian Bug report #874115,
regarding openjpeg2: CVE-2017-14041: Stack-based buffer over-write in
pgxtoimage function in
Accepted:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Mon, 16 Oct 2017 07:43:41 +0200
Source: openjpeg2
Binary: libopenjp2-7-dev libopenjp2-7 libopenjpip7 libopenjp3d7
libopenjpip-dec-server libopenjpip-viewer libopenjpip-server libopenjp3d-tools
libopenjp2-tools
openjpeg2_2.3.0-1_amd64.changes uploaded successfully to localhost
along with the files:
openjpeg2_2.3.0-1.dsc
openjpeg2_2.3.0.orig.tar.gz
openjpeg2_2.3.0-1.debian.tar.xz
libopenjp2-7-dbgsym_2.3.0-1_amd64.deb
libopenjp2-7-dev_2.3.0-1_amd64.deb
libopenjp2-7_2.3.0-1_amd64.deb
13 matches
Mail list logo