Your message dated Fri, 12 May 2023 20:35:25 +0000
with message-id <[email protected]>
and subject line Bug#1035954: fixed in opencv 4.6.0+dfsg-12
has caused the Debian Bug report #1035954,
regarding opencv: CVE-2023-2617 CVE-2023-2618
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1035954: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035954
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: opencv
X-Debbugs-CC: [email protected]
Severity: normal
Tags: security

Hi,

The following vulnerabilities were published for opencv.

CVE-2023-2617[0]:
| A vulnerability classified as problematic was found in OpenCV
| wechat_qrcode Module up to 4.7.0. Affected by this vulnerability is
| the function DecodedBitStreamParser::decodeByteSegment of the file
| qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads
| to null pointer dereference. The attack can be launched remotely. The
| exploit has been disclosed to the public and may be used. It is
| recommended to apply a patch to fix this issue. The associated
| identifier of this vulnerability is VDB-228547.

https://github.com/opencv/opencv_contrib/pull/3480
https://github.com/opencv/opencv_contrib/commit/ccc277247ac1a7aef0a90353edcdec35fbc5903c

CVE-2023-2618[1]:
| A vulnerability, which was classified as problematic, has been found
| in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is
| the function DecodedBitStreamParser::decodeHanziSegment of the file
| qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads
| to memory leak. The attack may be launched remotely. The name of the
| patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. It is recommended
| to apply a patch to fix this issue. The identifier of this
| vulnerability is VDB-228548.

https://github.com/opencv/opencv_contrib/pull/3484
https://github.com/opencv/opencv_contrib/commit/2b62ff6181163eea029ed1cab11363b4996e9cd6

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-2617
    https://www.cve.org/CVERecord?id=CVE-2023-2617
[1] https://security-tracker.debian.org/tracker/CVE-2023-2618
    https://www.cve.org/CVERecord?id=CVE-2023-2618

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: opencv
Source-Version: 4.6.0+dfsg-12
Done: Jochen Sprickerhof <[email protected]>

We believe that the bug you reported is fixed in the latest version of
opencv, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jochen Sprickerhof <[email protected]> (supplier of updated opencv package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 12 May 2023 11:40:38 +0200
Source: opencv
Architecture: source
Version: 4.6.0+dfsg-12
Distribution: unstable
Urgency: medium
Maintainer: Debian Science Team <[email protected]>
Changed-By: Jochen Sprickerhof <[email protected]>
Closes: 1035886 1035954
Changes:
 opencv (4.6.0+dfsg-12) unstable; urgency=medium
 .
   * Team upload.
 .
   [ Andreas Beckmann ]
   * libopencv-core406: Add Breaks: libopencv-core4.5 for smoother upgrades from bullseye
     (Closes: #1035886)
 .
   [ Jochen Sprickerhof ]
   * Add upstream patches for CVE-2023-2617 and CVE-2023-2618 (Closes: #1035954)
Checksums-Sha1:
 bad99e22c934beeb5ba5838b8f434d52216c3986 6876 opencv_4.6.0+dfsg-12.dsc
 d17ba1e4b4312b80d2cecd2f1bcba9fccb1e53c6 35756 opencv_4.6.0+dfsg-12.debian.tar.xz
 051a123112127012722e2cdd31147624aa9f45a4 8243 opencv_4.6.0+dfsg-12_source.buildinfo
Checksums-Sha256:
 66d014c59f65ed670ee05d5695e5c0a500fa7ce2539a32bfa15ef5a9da2a4ffd 6876 opencv_4.6.0+dfsg-12.dsc
 a3c65bda575969bec08b9fb66b3e4a7d71ff59980843358ff6febfc8af25e5ee 35756 opencv_4.6.0+dfsg-12.debian.tar.xz
 4b920e12a4d661cbfb1c11a4c894e173ce1f5273a1e74ceec39a0ebc7b23d46c 8243 opencv_4.6.0+dfsg-12_source.buildinfo
Files:
 c7cb44eef99c91e705c16280429bcee6 6876 devel optional opencv_4.6.0+dfsg-12.dsc
 9238b7408246d8ccb072a974b3afdfb9 35756 devel optional opencv_4.6.0+dfsg-12.debian.tar.xz
 a10dee190cb9db5348bdbde9db59f09a 8243 devel optional opencv_4.6.0+dfsg-12_source.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
