[Pkg-phototools-devel] Bug#743372: marked as done (openjpeg: CVE-2014-0158: Heap-based buffer overflow in JPEG2000 image tile decoder)

Wed, 02 Apr 2014 02:13:23 -0700 

Your message dated Wed, 2 Apr 2014 11:08:22 +0200
with message-id <20140402090822.GA11252@eldamar.local>
and subject line Re: Bug#743372: openjpeg: CVE-2014-0158: Heap-based buffer 
overflow in JPEG2000 image tile decoder
has caused the Debian Bug report #743372,
regarding openjpeg: CVE-2014-0158: Heap-based buffer overflow in JPEG2000 image 
tile decoder
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
743372: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743372
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: openjpeg
Severity: grave
Tags: security upstream

Hi,

the following vulnerability was published for openjpeg.

CVE-2014-0158[0]:
Heap-based buffer overflow in JPEG2000 image tile decoder

More information are on the Red Hat bugzilla[1].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0158
    https://security-tracker.debian.org/tracker/CVE-2014-0158
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1082925

Please adjust the affected versions in the BTS as needed. I only
quickly checked unstable which seems to apply. Could you check if
oldstable and stable are also affected by this problem?

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
On Wed, Apr 02, 2014 at 09:33:26AM +0200, Salvatore Bonaccorso wrote:
[...]
> the following vulnerability was published for openjpeg.
> 
> CVE-2014-0158[0]:
> Heap-based buffer overflow in JPEG2000 image tile decoder
> 
> More information are on the Red Hat bugzilla[1].
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0158
>     https://security-tracker.debian.org/tracker/CVE-2014-0158
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1082925
> 
> Please adjust the affected versions in the BTS as needed. I only
> quickly checked unstable which seems to apply. Could you check if
> oldstable and stable are also affected by this problem?

This is a dublicate of CVE-2013-1447, see [1].

 [1] http://www.openwall.com/lists/oss-security/2014/04/02/2

Closing the bugreport, sorry for the noise.

Regards,
Salvatore

--- End Message ---
_______________________________________________
Pkg-phototools-devel mailing list
Pkg-phototools-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel

Reply via email to