Two bugs disclosed in OpenJPEG, CVE-2016-5157 and CVE-2016-7163. Both can be used to execute arbitrary code, apparently.
CVE-2016-7163: http://seclists.org/oss-sec/2016/q3/442
CVE-2016-5157: http://seclists.org/oss-sec/2016/q3/441

Leo Famulari (2):
  gnu: openjpeg-2.*: Fix CVE-2016-7163.
  gnu: openjpeg-2.*: Fix CVE-2016-5157.

 gnu/local.mk                                      |  2 +
 gnu/packages/image.scm                            |  8 +-
 gnu/packages/patches/openjpeg-CVE-2016-5157.patch | 98 +++++++++++++++++++++++
 gnu/packages/patches/openjpeg-CVE-2016-7163.patch | 71 ++++++++++++++++
 4 files changed, 177 insertions(+), 2 deletions(-)
 create mode 100644 gnu/packages/patches/openjpeg-CVE-2016-5157.patch
 create mode 100644 gnu/packages/patches/openjpeg-CVE-2016-7163.patch

-- 
2.10.0