On Fri, Sep 09, 2016 at 02:04:39AM -0400, Leo Famulari wrote:
> Two bugs disclosed in OpenJPEG, CVE-2016-5157 and CVE-2016-7163. Both
> can be used to execute arbitrary code, apparently.
Ah! my favorite kind of code!
Joking aside, why not patch both CVEs at the same time?
>
> CVE-2016-7163:
> h
Two bugs disclosed in OpenJPEG, CVE-2016-5157 and CVE-2016-7163. Both
can be used to execute arbitrary code, apparently.
CVE-2016-7163:
http://seclists.org/oss-sec/2016/q3/442
CVE-2016-5157:
http://seclists.org/oss-sec/2016/q3/441
Leo Famulari (2):
gnu: openjpeg-2.*: Fix CVE-2016-7163.
gnu: