Your message dated Fri, 22 Sep 2017 21:06:31 +0000
with message-id <e1dvv9b-000crj...@fasolo.debian.org>
and subject line Bug#844554: fixed in openjpeg2 2.2.0-1
has caused the Debian Bug report #844554,
regarding openjpeg2: CVE-2016-9115
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
844554: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844554
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: openjpeg2
Version: 2.1.2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/uclouvain/openjpeg/issues/858

Hi,

the following vulnerability was published for openjpeg2.

CVE-2016-9115[0]:
| Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in
| OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a
| crafted j2k file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9115
[1] https://github.com/uclouvain/openjpeg/issues/858

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: openjpeg2
Source-Version: 2.2.0-1

We believe that the bug you reported is fixed in the latest version of
openjpeg2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 844...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mathieu Malaterre <ma...@debian.org> (supplier of updated openjpeg2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 22 Sep 2017 21:51:36 +0200
Source: openjpeg2
Binary: libopenjp2-7-dev libopenjp2-7 libopenjpip7 libopenjp3d7 
libopenjp2-7-dbg libopenjpip-dec-server libopenjpip-viewer libopenjpip-server 
libopenjp3d-tools libopenjp2-tools
Architecture: source amd64 all
Version: 2.2.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PhotoTools Maintainers 
<pkg-phototools-devel@lists.alioth.debian.org>
Changed-By: Mathieu Malaterre <ma...@debian.org>
Description:
 libopenjp2-7 - JPEG 2000 image compression/decompression library
 libopenjp2-7-dbg - debug symbols for libopenjp2-7, a JPEG 2000 image library
 libopenjp2-7-dev - development files for OpenJPEG, a JPEG 2000 image library
 libopenjp2-tools - command-line tools using the JPEG 2000 library
 libopenjp3d-tools - command-line tools using the JPEG 2000 - 3D library
 libopenjp3d7 - JP3D (JPEG 2000 / Part 10) image compression/decompression 
librar
 libopenjpip-dec-server - tool to allow caching of JPEG 2000 files using JPIP 
protocol
 libopenjpip-server - JPIP server for JPEG 2000 files
 libopenjpip-viewer - JPEG 2000 java based viewer for advanced remote JPIP 
access
 libopenjpip7 - JPEG 2000 Interactive Protocol
Closes: 844552 844553 844554 844555 844556 872041
Changes:
 openjpeg2 (2.2.0-1) unstable; urgency=medium
 .
   * New upstream release. Closes: #872041
   * Fix CVE-2016-9113. Closes: #844552
   * Fix CVE-2016-9114. Closes: #844553
   * Fix CVE-2016-9115. Closes: #844554
   * Fix CVE-2016-9116. Closes: #844555
   * Fix CVE-2016-9117. Closes: #844556
Checksums-Sha1:
 97ff8dc3cbb3cb95c601bf5d94e4e61c3b431297 2786 openjpeg2_2.2.0-1.dsc
 2f36b87f7d5875aea1310208fcae6193f605780a 2043867 openjpeg2_2.2.0.orig.tar.gz
 a33ca110a67e7757acd10c6f2d43de6d2d9d7f04 17460 openjpeg2_2.2.0-1.debian.tar.xz
 459a4df4b28c241ef89adbed519cebbb9d81a050 1203632 
libopenjp2-7-dbg_2.2.0-1_amd64.deb
 372108cde89d84269644947a14b0d47d4e97e35e 40948 
libopenjp2-7-dev_2.2.0-1_amd64.deb
 7c71f1795096bd0ba59a54b7b8535017b013fad8 148514 libopenjp2-7_2.2.0-1_amd64.deb
 a3dd8e8201cf0c3a5968082db9732335adf9761a 96810 
libopenjp2-tools_2.2.0-1_amd64.deb
 ca96a36b8d8a00af54db28c288f03c58e409271c 43636 
libopenjp3d-tools_2.2.0-1_amd64.deb
 288eca067497e902375bae89c94593d5cb7c64f0 86806 libopenjp3d7_2.2.0-1_amd64.deb
 2c3f037f69de10dac89d2ead8e67208eebc7f2ff 30694 
libopenjpip-dec-server_2.2.0-1_amd64.deb
 f999dcbe1e41a3cdbb0fadc3067e516dcc2c4e70 53096 
libopenjpip-server_2.2.0-1_amd64.deb
 936c9bd713916ab04c4ff2ee2042dab670e52aa3 47208 
libopenjpip-viewer_2.2.0-1_all.deb
 cf7d606898be0791e1f65290e3424db355a918d0 62916 libopenjpip7_2.2.0-1_amd64.deb
 cdff80b087bc32aa60d5220baa5cbbeb3d86cb19 14550 
openjpeg2_2.2.0-1_amd64.buildinfo
Checksums-Sha256:
 4605a2dc5d385b9fe1f226ca1f6f075179d9d05258d901ec6e40c17bb486964c 2786 
openjpeg2_2.2.0-1.dsc
 f73c0e2e689a1454a2ecc47f56a648d5f35e85fe882a4a2f8fdfe2e36e23b73f 2043867 
openjpeg2_2.2.0.orig.tar.gz
 0e1e770dff01f75826ac030b51b5d9f8eef9a574cdf73b978771bf313bc077c5 17460 
openjpeg2_2.2.0-1.debian.tar.xz
 6812ad939079d6f12df8782f8cbf70b74e9a3d6e14eb4607d215dffa8429bbff 1203632 
libopenjp2-7-dbg_2.2.0-1_amd64.deb
 3bddc0226f6e564212bff36b4dc85e6dc1adafdf164c37e6df88f2717681480d 40948 
libopenjp2-7-dev_2.2.0-1_amd64.deb
 cd889b18826ae207c82ac05ad9c7116d1da9f3f14d91d0938c436b06c7dd7d0d 148514 
libopenjp2-7_2.2.0-1_amd64.deb
 40f01d644879c924c1737613002abeb3ddbbcd43a72e48b3776813b84139276a 96810 
libopenjp2-tools_2.2.0-1_amd64.deb
 b7b9a1242c7d2b17df8b739b534dbe23383a9bb492a24df849dcc926aa66e16c 43636 
libopenjp3d-tools_2.2.0-1_amd64.deb
 5232c6f3dfe50f8ecc868e7c1a49ca0f277d4da218885c4efbf4129eda49dc36 86806 
libopenjp3d7_2.2.0-1_amd64.deb
 fd951f98f6dc90e5aff9c77268c43225fdf1767897e9cf9b1e6141fb4789ef65 30694 
libopenjpip-dec-server_2.2.0-1_amd64.deb
 26bf0a360eb84ccb5afea4869d4cbf0eadcd8ba4297fb26225c395bfe6c3a85d 53096 
libopenjpip-server_2.2.0-1_amd64.deb
 e55fea43e4befd6235760d2aaf902064105bc78b3c4644ce0bb487be0e51befa 47208 
libopenjpip-viewer_2.2.0-1_all.deb
 927fb5a403221dfdf08afbaae16b01b95058734353c9ebd34ab3c612bc8d5ce8 62916 
libopenjpip7_2.2.0-1_amd64.deb
 3195f04414485f4efb60af6c0ef56968d9bc8532c8ebcbc7ccc6bb02248ac661 14550 
openjpeg2_2.2.0-1_amd64.buildinfo
Files:
 def3e4e5b2cba13a07eb7e4c521a419d 2786 libs optional openjpeg2_2.2.0-1.dsc
 3d06f0bd3203a50d5e297f7eff0a70ae 2043867 libs optional 
openjpeg2_2.2.0.orig.tar.gz
 5e254e054bfeb5a308bc547ef9792c65 17460 libs optional 
openjpeg2_2.2.0-1.debian.tar.xz
 84a3d1eed6cfb7dff6ea808dd9d2b88f 1203632 debug extra 
libopenjp2-7-dbg_2.2.0-1_amd64.deb
 3e15ea8c431a4a68cf883d7b57bd4ecc 40948 libdevel optional 
libopenjp2-7-dev_2.2.0-1_amd64.deb
 7d7929d890aad954425d88f05c505818 148514 libs optional 
libopenjp2-7_2.2.0-1_amd64.deb
 006eac77ca67a1227ec3a1c21bdfa5e7 96810 graphics optional 
libopenjp2-tools_2.2.0-1_amd64.deb
 ebd79a449c416ca5c4fab03f115ae9ae 43636 graphics optional 
libopenjp3d-tools_2.2.0-1_amd64.deb
 1dafcac12cb87a215a8e1df9c4fb42d6 86806 libs optional 
libopenjp3d7_2.2.0-1_amd64.deb
 4b9d0582355545e506ca8270d4bff861 30694 graphics optional 
libopenjpip-dec-server_2.2.0-1_amd64.deb
 d40334f80232b07e35b6223062ef7d2b 53096 graphics optional 
libopenjpip-server_2.2.0-1_amd64.deb
 0ddeb5bede4652f827798f663b00313c 47208 graphics optional 
libopenjpip-viewer_2.2.0-1_all.deb
 324081c30d151551a8d45610d57e23c5 62916 libs optional 
libopenjpip7_2.2.0-1_amd64.deb
 88963cbc9aa962077b78d3f123e89947 14550 libs optional 
openjpeg2_2.2.0-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCAAvFiEEaTNn/67NjqrNHwY7AXHhgorgk0UFAlnFa5cRHG1hbGF0QGRl
Ymlhbi5vcmcACgkQAXHhgorgk0WY8A//dkWEeVrjBiBdTcF5lJvHIcVc5NjN6Ua/
HjYNcP8Ejw0rUQVeVWamD6r0ZwZlUpDxLSS1gsQyVzpsiq6Cpf6gODrv6v80Dg2Y
VEbcp8fvyYDbHrVcu6iZsBz5s6/5JQSjDnrD2DJ2KtDijvPG3dfWGWtBKzO7/DJ5
etdQzbeCLO9lls1bnVQvjmv+wKzkVZV72jKikzZhj7EP0EqdCzNWqDzC+fEI5JnP
c4TZpHCBU7iG0J+7uX2jzJut3HZTN/L524ecQn/LyKKX/5KakE3NiH038wSmSHmY
sndXqo8ATeP3Wktr1ig1Sv5zYpCkRht6XYiLtVNzduY2RGzgm0IWrdZmLpppTP8u
e3jLJf4H6eOOOlSVSZlgO/jOn8XZPkfXZoJdi9ANIfZL420jjiY62+JEpMnE1oyW
TI1gVqWWcoeSaJknMFNSVaJGihyi0KbRNcjfUkotUdJUWkAlYA7jMRtHJeQVp7Wz
mGi+wPbSpIlpyxwB3rSd6dw2NhLr8hG00NCCbI/ivljtjuPNNeqh5oi4wAXbxu+3
H/voeKwlg8nneE7fgywRjqbrE6jlDGBgKeDk5L0AGI8TR3bgRJiKNJunIojovbJb
sECqcO1lgpU0XqDppAXI3Q5qDD6WtklqmiadvIMlY8ERZre6viyzV80mxwalCulp
pyCI7f+pgX4=
=Uif1
-----END PGP SIGNATURE-----

--- End Message ---
_______________________________________________
Pkg-phototools-devel mailing list
Pkg-phototools-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel

Reply via email to