Your message dated Thu, 29 Sep 2016 06:33:43 +0000
with message-id <[email protected]>
and subject line Bug#838690: fixed in openjpeg2 2.1.2-1
has caused the Debian Bug report #838690,
regarding openjpeg2: CVE-2016-7445: Null pointer dereference in convert.c
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
838690: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838690
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: openjpeg2
Version: 2.1.0-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/uclouvain/openjpeg/issues/843
Hi,
the following vulnerability was published for openjpeg2.
CVE-2016-7445[0]:
openjpeg null ptr dereference in convert.c
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-7445
[1] https://github.com/uclouvain/openjpeg/issues/843
[2] http://seclists.org/oss-sec/2016/q3/546
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: openjpeg2
Source-Version: 2.1.2-1
We believe that the bug you reported is fixed in the latest version of
openjpeg2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mathieu Malaterre <[email protected]> (supplier of updated openjpeg2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 29 Sep 2016 08:11:30 +0200
Source: openjpeg2
Binary: libopenjp2-7-dev libopenjp2-7 libopenjpip7 libopenjp3d7
libopenjp2-7-dbg libopenjpip-dec-server libopenjpip-viewer libopenjpip-server
libopenjp3d-tools libopenjp2-tools
Architecture: source
Version: 2.1.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PhotoTools Maintainers
<[email protected]>
Changed-By: Mathieu Malaterre <[email protected]>
Description:
libopenjp2-7 - JPEG 2000 image compression/decompression library
libopenjp2-7-dbg - debug symbols for libopenjp2-7, a JPEG 2000 image library
libopenjp2-7-dev - development files for OpenJPEG, a JPEG 2000 image library
libopenjp2-tools - command-line tools using the JPEG 2000 library
libopenjp3d-tools - command-line tools using the JPEG 2000 - 3D library
libopenjp3d7 - JP3D (JPEG 2000 / Part 10) image compression/decompression
librar
libopenjpip-dec-server - tool to allow caching of JPEG 2000 files using JPIP
protocol
libopenjpip-server - JPIP server for JPEG 2000 files
libopenjpip-viewer - JPEG 2000 java based viewer for advanced remote JPIP
access
libopenjpip7 - JPEG 2000 Interactive Protocol
Closes: 837604 838690 839120
Changes:
openjpeg2 (2.1.2-1) unstable; urgency=medium
.
* New upstream. Closes: #839120
* Fix CVE-2016-7163. Closes: #837604
* Fix CVE-2016-7445. Closes: #838690
* Remove patches applied upstream:
Checksums-Sha1:
44f1bc5f1f6676baf487e1f9f9b340df465d3a0d 2745 openjpeg2_2.1.2-1.dsc
c8671e7f577fdc58abde1e1f32b10d372e6f9b07 1987071 openjpeg2_2.1.2.orig.tar.gz
51d463d45ad20fd23463d6b48b832d0ba65bd489 17176 openjpeg2_2.1.2-1.debian.tar.xz
Checksums-Sha256:
b2f16bb0be9a9f5b218b01252391d2280820165ab96ec3e2a6b26a8ce4f01bca 2745
openjpeg2_2.1.2-1.dsc
4ce77b6ef538ef090d9bde1d5eeff8b3069ab56c4906f083475517c2c023dfa7 1987071
openjpeg2_2.1.2.orig.tar.gz
ef4381c844169803b0512486d0fd8e0d2c82b8b77ab65e0043cb1376adcde451 17176
openjpeg2_2.1.2-1.debian.tar.xz
Files:
8cf599e64e6b3330bb78861736a3ddec 2745 libs optional openjpeg2_2.1.2-1.dsc
40a7bfdcc66280b3c1402a0eb1a27624 1987071 libs optional
openjpeg2_2.1.2.orig.tar.gz
94c7d8950173a2d8b9e1205845f0899e 17176 libs optional
openjpeg2_2.1.2-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJX7LKaAAoJEAFx4YKK4JNF73cP/1g6BzRUmuctoWr76KQ4xKpl
rVZheiE6sApKsXITDv4kipomqWTjl+Pp+5cWaGjyhf/qMJt3ZFtAHER5PJmwx+05
Y9OUvrCoO8a9mz/oA+OzQWhbxscAbIrxCEMAQfkp0dDFDY3lmjja7p+FdT5c0aLI
6dIOFvpoCCz5Sa2iz6EuCtdF69hneo5oUb4pSSYVtF4uyguqZ3lS0qNOUHC6ouWh
CnDzSvdulh4W4VkKdQylixNmYp8Jd9Mq70wmeABPxzpZMlCQAWlwh0dikJoOQ5YX
wxrfwXIlSwvgJ9vL8S+XaJABpSoCbgLbOwbtctJjnaQ97UK8b8hzJ0Jpea71Aodc
qAm4X6enwPC6oSbfTVN1KDmHKcuVntpiNE9ypUoeZK1IvDudF0PxuMAf05H2ibR4
Ewa3RM5VdGOrVOyMPM40Y8z6JprD5ecOxF1YE26VB3A/WpKx+rWN7TulAzT0o+Zv
tGPcDXn6PDW/WVLXcKCx1xVltg9/WIdvkvWnCfZf7kDvSf8siyKsZRO0jUkVezyz
XPz576O9wqUP+5LYw/FPyO7ARs5PTuifdVOsa1roRgiLr4p5guKtHO40JaKHRoVV
s0AgBXG0ofRD4+KLoMQh8YF61Snmuc/RNwk6LFjhY8rsOb7xqjCpXhTFMBrRfSfu
ErX40SIfTFd08b2KT0uW
=XMVu
-----END PGP SIGNATURE-----
--- End Message ---
