Your message dated Sat, 16 May 2026 23:35:13 +0000
with message-id <[email protected]>
and subject line Bug#1133832: fixed in openjpeg2 2.5.3-2.1~deb13u2
has caused the Debian Bug report #1133832,
regarding openjpeg2: CVE-2026-6192
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1133832: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133832
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: openjpeg2
Version: 2.5.4-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/uclouvain/openjpeg/issues/1619
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for openjpeg2.
CVE-2026-6192[0]:
| A vulnerability was identified in uclouvain openjpeg up to 2.5.4.
| This impacts the function opj_pi_initialise_encode in the library
| src/lib/openjp2/pi.c. The manipulation leads to integer overflow.
| The attack must be carried out locally. The exploit is publicly
| available and might be used. The identifier of the patch is
| 839936aa33eb8899bbbd80fda02796bb65068951. It is suggested to install
| a patch to address this issue.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-6192
https://www.cve.org/CVERecord?id=CVE-2026-6192
[1] https://github.com/uclouvain/openjpeg/issues/1619
[2] https://github.com/uclouvain/openjpeg/pull/1628
[3] https://github.com/uclouvain/openjpeg/commit/839936aa33eb8899bbbd80fda02796bb65068951
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: openjpeg2
Source-Version: 2.5.3-2.1~deb13u2
Done: Moritz Mühlenhoff <[email protected]>
We believe that the bug you reported is fixed in the latest version of
openjpeg2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Moritz Mühlenhoff <[email protected]> (supplier of updated openjpeg2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 12 May 2026 15:10:49 +0200
Source: openjpeg2
Architecture: source
Version: 2.5.3-2.1~deb13u2
Distribution: trixie-security
Urgency: medium
Maintainer: Debian PhotoTools Maintainers <[email protected]>
Changed-By: Moritz Mühlenhoff <[email protected]>
Closes: 1133832
Changes:
openjpeg2 (2.5.3-2.1~deb13u2) trixie-security; urgency=medium
.
* CVE-2026-6192 (Closes: #1133832)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---