Your message dated Fri, 22 Sep 2017 21:06:31 +0000
with message-id <e1dvv9b-000crj...@fasolo.debian.org>
and subject line Bug#844554: fixed in openjpeg2 2.2.0-1
has caused the Debian Bug report #844554,
regarding openjpeg2: CVE-2016-9115
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
844554: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844554
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: openjpeg2
Version: 2.1.2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/uclouvain/openjpeg/issues/858
Hi,
the following vulnerability was published for openjpeg2.
CVE-2016-9115[0]:
| Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in
| OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a
| crafted j2k file.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-9115
[1] https://github.com/uclouvain/openjpeg/issues/858
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: openjpeg2
Source-Version: 2.2.0-1
We believe that the bug you reported is fixed in the latest version of
openjpeg2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 844...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mathieu Malaterre <ma...@debian.org> (supplier of updated openjpeg2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 22 Sep 2017 21:51:36 +0200
Source: openjpeg2
Binary: libopenjp2-7-dev libopenjp2-7 libopenjpip7 libopenjp3d7
libopenjp2-7-dbg libopenjpip-dec-server libopenjpip-viewer libopenjpip-server
libopenjp3d-tools libopenjp2-tools
Architecture: source amd64 all
Version: 2.2.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PhotoTools Maintainers
<pkg-phototools-devel@lists.alioth.debian.org>
Changed-By: Mathieu Malaterre <ma...@debian.org>
Description:
libopenjp2-7 - JPEG 2000 image compression/decompression library
libopenjp2-7-dbg - debug symbols for libopenjp2-7, a JPEG 2000 image library
libopenjp2-7-dev - development files for OpenJPEG, a JPEG 2000 image library
libopenjp2-tools - command-line tools using the JPEG 2000 library
libopenjp3d-tools - command-line tools using the JPEG 2000 - 3D library
libopenjp3d7 - JP3D (JPEG 2000 / Part 10) image compression/decompression
librar
libopenjpip-dec-server - tool to allow caching of JPEG 2000 files using JPIP
protocol
libopenjpip-server - JPIP server for JPEG 2000 files
libopenjpip-viewer - JPEG 2000 java based viewer for advanced remote JPIP
access
libopenjpip7 - JPEG 2000 Interactive Protocol
Closes: 844552 844553 844554 844555 844556 872041
Changes:
openjpeg2 (2.2.0-1) unstable; urgency=medium
.
* New upstream release. Closes: #872041
* Fix CVE-2016-9113. Closes: #844552
* Fix CVE-2016-9114. Closes: #844553
* Fix CVE-2016-9115. Closes: #844554
* Fix CVE-2016-9116. Closes: #844555
* Fix CVE-2016-9117. Closes: #844556
Checksums-Sha1:
97ff8dc3cbb3cb95c601bf5d94e4e61c3b431297 2786 openjpeg2_2.2.0-1.dsc
2f36b87f7d5875aea1310208fcae6193f605780a 2043867 openjpeg2_2.2.0.orig.tar.gz
a33ca110a67e7757acd10c6f2d43de6d2d9d7f04 17460 openjpeg2_2.2.0-1.debian.tar.xz
459a4df4b28c241ef89adbed519cebbb9d81a050 1203632
libopenjp2-7-dbg_2.2.0-1_amd64.deb
372108cde89d84269644947a14b0d47d4e97e35e 40948
libopenjp2-7-dev_2.2.0-1_amd64.deb
7c71f1795096bd0ba59a54b7b8535017b013fad8 148514 libopenjp2-7_2.2.0-1_amd64.deb
a3dd8e8201cf0c3a5968082db9732335adf9761a 96810
libopenjp2-tools_2.2.0-1_amd64.deb
ca96a36b8d8a00af54db28c288f03c58e409271c 43636
libopenjp3d-tools_2.2.0-1_amd64.deb
288eca067497e902375bae89c94593d5cb7c64f0 86806 libopenjp3d7_2.2.0-1_amd64.deb
2c3f037f69de10dac89d2ead8e67208eebc7f2ff 30694
libopenjpip-dec-server_2.2.0-1_amd64.deb
f999dcbe1e41a3cdbb0fadc3067e516dcc2c4e70 53096
libopenjpip-server_2.2.0-1_amd64.deb
936c9bd713916ab04c4ff2ee2042dab670e52aa3 47208
libopenjpip-viewer_2.2.0-1_all.deb
cf7d606898be0791e1f65290e3424db355a918d0 62916 libopenjpip7_2.2.0-1_amd64.deb
cdff80b087bc32aa60d5220baa5cbbeb3d86cb19 14550
openjpeg2_2.2.0-1_amd64.buildinfo
Checksums-Sha256:
4605a2dc5d385b9fe1f226ca1f6f075179d9d05258d901ec6e40c17bb486964c 2786
openjpeg2_2.2.0-1.dsc
f73c0e2e689a1454a2ecc47f56a648d5f35e85fe882a4a2f8fdfe2e36e23b73f 2043867
openjpeg2_2.2.0.orig.tar.gz
0e1e770dff01f75826ac030b51b5d9f8eef9a574cdf73b978771bf313bc077c5 17460
openjpeg2_2.2.0-1.debian.tar.xz
6812ad939079d6f12df8782f8cbf70b74e9a3d6e14eb4607d215dffa8429bbff 1203632
libopenjp2-7-dbg_2.2.0-1_amd64.deb
3bddc0226f6e564212bff36b4dc85e6dc1adafdf164c37e6df88f2717681480d 40948
libopenjp2-7-dev_2.2.0-1_amd64.deb
cd889b18826ae207c82ac05ad9c7116d1da9f3f14d91d0938c436b06c7dd7d0d 148514
libopenjp2-7_2.2.0-1_amd64.deb
40f01d644879c924c1737613002abeb3ddbbcd43a72e48b3776813b84139276a 96810
libopenjp2-tools_2.2.0-1_amd64.deb
b7b9a1242c7d2b17df8b739b534dbe23383a9bb492a24df849dcc926aa66e16c 43636
libopenjp3d-tools_2.2.0-1_amd64.deb
5232c6f3dfe50f8ecc868e7c1a49ca0f277d4da218885c4efbf4129eda49dc36 86806
libopenjp3d7_2.2.0-1_amd64.deb
fd951f98f6dc90e5aff9c77268c43225fdf1767897e9cf9b1e6141fb4789ef65 30694
libopenjpip-dec-server_2.2.0-1_amd64.deb
26bf0a360eb84ccb5afea4869d4cbf0eadcd8ba4297fb26225c395bfe6c3a85d 53096
libopenjpip-server_2.2.0-1_amd64.deb
e55fea43e4befd6235760d2aaf902064105bc78b3c4644ce0bb487be0e51befa 47208
libopenjpip-viewer_2.2.0-1_all.deb
927fb5a403221dfdf08afbaae16b01b95058734353c9ebd34ab3c612bc8d5ce8 62916
libopenjpip7_2.2.0-1_amd64.deb
3195f04414485f4efb60af6c0ef56968d9bc8532c8ebcbc7ccc6bb02248ac661 14550
openjpeg2_2.2.0-1_amd64.buildinfo
Files:
def3e4e5b2cba13a07eb7e4c521a419d 2786 libs optional openjpeg2_2.2.0-1.dsc
3d06f0bd3203a50d5e297f7eff0a70ae 2043867 libs optional
openjpeg2_2.2.0.orig.tar.gz
5e254e054bfeb5a308bc547ef9792c65 17460 libs optional
openjpeg2_2.2.0-1.debian.tar.xz
84a3d1eed6cfb7dff6ea808dd9d2b88f 1203632 debug extra
libopenjp2-7-dbg_2.2.0-1_amd64.deb
3e15ea8c431a4a68cf883d7b57bd4ecc 40948 libdevel optional
libopenjp2-7-dev_2.2.0-1_amd64.deb
7d7929d890aad954425d88f05c505818 148514 libs optional
libopenjp2-7_2.2.0-1_amd64.deb
006eac77ca67a1227ec3a1c21bdfa5e7 96810 graphics optional
libopenjp2-tools_2.2.0-1_amd64.deb
ebd79a449c416ca5c4fab03f115ae9ae 43636 graphics optional
libopenjp3d-tools_2.2.0-1_amd64.deb
1dafcac12cb87a215a8e1df9c4fb42d6 86806 libs optional
libopenjp3d7_2.2.0-1_amd64.deb
4b9d0582355545e506ca8270d4bff861 30694 graphics optional
libopenjpip-dec-server_2.2.0-1_amd64.deb
d40334f80232b07e35b6223062ef7d2b 53096 graphics optional
libopenjpip-server_2.2.0-1_amd64.deb
0ddeb5bede4652f827798f663b00313c 47208 graphics optional
libopenjpip-viewer_2.2.0-1_all.deb
324081c30d151551a8d45610d57e23c5 62916 libs optional
libopenjpip7_2.2.0-1_amd64.deb
88963cbc9aa962077b78d3f123e89947 14550 libs optional
openjpeg2_2.2.0-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCAAvFiEEaTNn/67NjqrNHwY7AXHhgorgk0UFAlnFa5cRHG1hbGF0QGRl
Ymlhbi5vcmcACgkQAXHhgorgk0WY8A//dkWEeVrjBiBdTcF5lJvHIcVc5NjN6Ua/
HjYNcP8Ejw0rUQVeVWamD6r0ZwZlUpDxLSS1gsQyVzpsiq6Cpf6gODrv6v80Dg2Y
VEbcp8fvyYDbHrVcu6iZsBz5s6/5JQSjDnrD2DJ2KtDijvPG3dfWGWtBKzO7/DJ5
etdQzbeCLO9lls1bnVQvjmv+wKzkVZV72jKikzZhj7EP0EqdCzNWqDzC+fEI5JnP
c4TZpHCBU7iG0J+7uX2jzJut3HZTN/L524ecQn/LyKKX/5KakE3NiH038wSmSHmY
sndXqo8ATeP3Wktr1ig1Sv5zYpCkRht6XYiLtVNzduY2RGzgm0IWrdZmLpppTP8u
e3jLJf4H6eOOOlSVSZlgO/jOn8XZPkfXZoJdi9ANIfZL420jjiY62+JEpMnE1oyW
TI1gVqWWcoeSaJknMFNSVaJGihyi0KbRNcjfUkotUdJUWkAlYA7jMRtHJeQVp7Wz
mGi+wPbSpIlpyxwB3rSd6dw2NhLr8hG00NCCbI/ivljtjuPNNeqh5oi4wAXbxu+3
H/voeKwlg8nneE7fgywRjqbrE6jlDGBgKeDk5L0AGI8TR3bgRJiKNJunIojovbJb
sECqcO1lgpU0XqDppAXI3Q5qDD6WtklqmiadvIMlY8ERZre6viyzV80mxwalCulp
pyCI7f+pgX4=
=Uif1
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Pkg-phototools-devel mailing list
Pkg-phototools-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel