Your message dated Fri, 08 May 2026 18:05:01 +0000
with message-id <[email protected]>
and subject line Bug#1133832: fixed in openjpeg2 2.5.4-1.1
has caused the Debian Bug report #1133832,
regarding openjpeg2: CVE-2026-6192
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1133832: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133832
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: openjpeg2
Version: 2.5.4-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/uclouvain/openjpeg/issues/1619
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for openjpeg2.
CVE-2026-6192[0]:
| A vulnerability was identified in uclouvain openjpeg up to 2.5.4.
| This impacts the function opj_pi_initialise_encode in the library
| src/lib/openjp2/pi.c. The manipulation leads to integer overflow.
| The attack must be carried out locally. The exploit is publicly
| available and might be used. The identifier of the patch is
| 839936aa33eb8899bbbd80fda02796bb65068951. It is suggested to install
| a patch to address this issue.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-6192
https://www.cve.org/CVERecord?id=CVE-2026-6192
[1] https://github.com/uclouvain/openjpeg/issues/1619
[2] https://github.com/uclouvain/openjpeg/pull/1628
[3]
https://github.com/uclouvain/openjpeg/commit/839936aa33eb8899bbbd80fda02796bb65068951
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: openjpeg2
Source-Version: 2.5.4-1.1
Done: Adrian Bunk <[email protected]>
We believe that the bug you reported is fixed in the latest version of
openjpeg2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adrian Bunk <[email protected]> (supplier of updated openjpeg2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 07 May 2026 20:45:14 +0300
Source: openjpeg2
Architecture: source
Version: 2.5.4-1.1
Distribution: unstable
Urgency: medium
Maintainer: Debian PhotoTools Maintainers
<[email protected]>
Changed-By: Adrian Bunk <[email protected]>
Closes: 1133832
Changes:
openjpeg2 (2.5.4-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* CVE-2026-6192: Integer Overflow in opj_pi_initialise_encode()
(Closes: #1133832)
Checksums-Sha1:
b2308e788a88b0880836075f8b23a1e0c80329bc 2606 openjpeg2_2.5.4-1.1.dsc
53b9635a3b7683df2f61d0bcbb3a2085373fda31 16116
openjpeg2_2.5.4-1.1.debian.tar.xz
Checksums-Sha256:
39545c11967f2a4468105a4074fa93810a57a445fafcc0180aa123676194b7ab 2606
openjpeg2_2.5.4-1.1.dsc
d01df7527cd2ed2a332284fa81d68af2783e9706d83f08dc90402b4fee3a71ed 16116
openjpeg2_2.5.4-1.1.debian.tar.xz
Files:
7878487ac5ef44b771a3269315920a80 2606 libs optional openjpeg2_2.5.4-1.1.dsc
017a06c29309cd9467b529be55da0da7 16116 libs optional
openjpeg2_2.5.4-1.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmn89oUACgkQiNJCh6LY
mLH/Lg/8DZizxuzWntmdtNwmAIBPpBhsFVEvk+0fCSRY9Rstvmdt1QYIGr+OgN65
o9nQg3QCRAO2Ey6GvRPGxQZ6X6sbnZ1BchP8M28c/RFjkX2QN+jzSaow6lwbrcXO
xoFuGV/PnGoGuYMG/Ge1VZo2AYddd4tQgwmeDBylur1Md7OYtM+HEi3/LBD7jIw1
3+8loYinEN4uXPJ3bhSdV/v/FLRQWym6MAmJpVjwC/nnupd7iD0VFhQe6kY305Ws
EkMAT1gtuyMbinAYKPiljz6eX932yHroww6rSpUXiarl/Z04mEI0OA8BEAIwQC0E
vsKk/mES9QfPyrD1ZFcJD8RojgqOE1u/v4TgDeruDJYRZWhri0nAo3EzcwxwC4RQ
wqa/052Qb2zY4bFMhKUFtd2gKeBUI+A6tCTXmrig5BCbrPr8LOs+EbSWIl3VYJF4
lC0PLwOLAgWP7qBxAn+zzXW1SYqAdeAoz9P2jRQcpTGZUNfTYmQ5G0o6J6lg+YcB
sa2yAMFKrdM7+njzF8hbv7UCeCMQTqurMwqnGUAanTKmoPF6f0Zzbk6KB3Mzo/di
imcKm1uYwjeI+z061hVHrItyarCgvEFa6bMSPEpyDcG1LiLcyCbMhDJQNsFT7fDq
pjpQaOzPNUfcgeKxJgmhNGHi9cF6IKYpHRpzSiXWxs5/ZIriQNs=
=3r+u
-----END PGP SIGNATURE-----
pgp0BO_jV4VD5.pgp
Description: PGP signature
--- End Message ---
