On Fri, Sep 09, 2016 at 02:04:39AM -0400, Leo Famulari wrote:
> Two bugs disclosed in OpenJPEG, CVE-2016-5157 and CVE-2016-7163. Both
> can be used to execute arbitrary code, apparently.

Ah! my favorite kind of code!

Joking aside, why not patch both CVEs at the same time?

> 
> CVE-2016-7163:
> http://seclists.org/oss-sec/2016/q3/442
> 
> CVE-2016-5157:
> http://seclists.org/oss-sec/2016/q3/441
> 
> Leo Famulari (2):
>   gnu: openjpeg-2.*: Fix CVE-2016-7163.
>   gnu: openjpeg-2.*: Fix CVE-2016-5157.
> 
>  gnu/local.mk                                      |  2 +
>  gnu/packages/image.scm                            |  8 +-
>  gnu/packages/patches/openjpeg-CVE-2016-5157.patch | 98 +++++++++++++++++++++++
>  gnu/packages/patches/openjpeg-CVE-2016-7163.patch | 71 ++++++++++++++++
>  4 files changed, 177 insertions(+), 2 deletions(-)
>  create mode 100644 gnu/packages/patches/openjpeg-CVE-2016-5157.patch
>  create mode 100644 gnu/packages/patches/openjpeg-CVE-2016-7163.patch
> 
> -- 
> 2.10.0
> 
> 

-- 
Efraim Flashner   <efr...@flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
