Public bug reported: The patch for CVE-2013-6045, as shipped in Ubuntu 10.04, 12.04, and 14.04, disables decoding of images whose first color component has a higher resolution than subsequent components. This occurs, for example, in YCbCr images with chroma subsampling. This regression does not affect newer Ubuntu releases which ship OpenJPEG 1.5.2 or above.
The original Debian bug report is <https://bugs.debian.org/734238>. Debian released an updated DSA on April 22 to correct the regression (https://lists.debian.org/debian-security-announce/2014/msg00090.html), but the fix has not propagated to Ubuntu. ** Affects: openjpeg (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openjpeg in Ubuntu. https://bugs.launchpad.net/bugs/1404084 Title: Fix for CVE-2013-6045 breaks decoding of chroma-subsampled images Status in openjpeg package in Ubuntu: New Bug description: The patch for CVE-2013-6045, as shipped in Ubuntu 10.04, 12.04, and 14.04, disables decoding of images whose first color component has a higher resolution than subsequent components. This occurs, for example, in YCbCr images with chroma subsampling. This regression does not affect newer Ubuntu releases which ship OpenJPEG 1.5.2 or above. The original Debian bug report is <https://bugs.debian.org/734238>. Debian released an updated DSA on April 22 to correct the regression (https://lists.debian.org/debian-security- announce/2014/msg00090.html), but the fix has not propagated to Ubuntu. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openjpeg/+bug/1404084/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
