Your message dated Tue, 08 Oct 2019 12:19:26 +0000
with message-id <[email protected]>
and subject line Bug#939553: fixed in openjpeg2 2.3.1-1
has caused the Debian Bug report #939553,
regarding openjpeg2: CVE-2018-21010
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
939553: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939553
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: openjpeg2
Version: 2.3.0-2
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for openjpeg2.
CVE-2018-21010[0]:
| OpenJPEG before 2.3.1 has a heap buffer overflow in
| color_apply_icc_profile in bin/common/color.c.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-21010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21010
[1] https://github.com/uclouvain/openjpeg/commit/2e5ab1d9987831c981ff05862e8ccf1381ed58ea
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: openjpeg2
Source-Version: 2.3.1-1
We believe that the bug you reported is fixed in the latest version of
openjpeg2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hugo Lefeuvre <[email protected]> (supplier of updated openjpeg2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 07 Oct 2019 13:46:43 +0200
Source: openjpeg2
Architecture: source
Version: 2.3.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PhotoTools Maintainers <[email protected]>
Changed-By: Hugo Lefeuvre <[email protected]>
Closes: 846390 888532 931294 939553
Changes:
 openjpeg2 (2.3.1-1) unstable; urgency=medium
 .
   * New upstream release, addressing following security issues:
     - CVE-2018-20847 (Closes: #931294)
     - CVE-2018-21010 (Closes: #939553)
     - CVE-2018-5727 (Closes: #888532)
   * Remove following patches, applied upstream:
     - CVE-2017-17480.patch
     - CVE-2018-14423.patch
     - CVE-2018-18088.patch
     - CVE-2018-5785.patch
     - CVE-2018-6616.patch
   * Remove debian/patches/multiarch_path.patch:
     - useless since latest upstream changes.
   * Bump Standards-Version to 4.4.1.
   * Refresh and rework manpages.
   * Remove debian/README.source (Closes: #846390).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---