Bug#886675: opencv: CVE-2018-5269
On Tue, Jan 29, 2019 at 04:44:24PM +0100, Moritz Mühlenhoff wrote:
> There is a number of open opencv issues in buster which are
> only fixed in experimental:
> https://security-tracker.debian.org/tracker/source-package/opencv
>
> Given that no new library transitions are happening, what's
> the plan for getting these into buster?

Indeed sadly it seems it's too late for starting the transition after all.
Ubuntu has applied a bunch of patches to the old version, I suppose we could/should do the same.

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540
more about me: https://mapreri.org
Launchpad user: https://launchpad.net/~mapreri
Debian QA page: https://qa.debian.org/developer.php?login=mattia
Bug#886675: opencv: CVE-2018-5269
On Thu, Dec 06, 2018 at 01:33:05AM +, Mo Zhou wrote:
> control: tags -1 +fixed-in-experimental
>
> 3.4.4+dfsg-1~exp1

There is a number of open opencv issues in buster which are
only fixed in experimental:
https://security-tracker.debian.org/tracker/source-package/opencv

Given that no new library transitions are happening, what's
the plan for getting these into buster?

Cheers,
Moritz
Bug#886675: opencv: CVE-2018-5269
control: tags -1 +fixed-in-experimental

3.4.4+dfsg-1~exp1
Bug#886675: opencv: CVE-2018-5269
Source: opencv
Version: 3.2.0+dfsg-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/opencv/opencv/issues/10540

Hi,

the following vulnerability was published for opencv.

CVE-2018-5269[0]:
| In OpenCV 3.3.1, an assertion failure happens in
| cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of
| an incorrect integer cast.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-5269
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5269

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore