[ubuntu/hirsute-proposed] openjpeg2 2.3.1-1ubuntu5 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Thu Jan 7 16:04:14 UTC 2021
openjpeg2 (2.3.1-1ubuntu5) hirsute; urgency=medium

  * SECURITY UPDATE: use-after-free via directory
    - debian/patches/CVE-2020-15389.patch: fix double-free on input
      directory with mix of valid and invalid images in
      src/bin/jp2/opj_decompress.c.
    - CVE-2020-15389
  * SECURITY UPDATE: heap-buffer-overflow
    - debian/patches/CVE-2020-27814-1.patch: grow buffer size in
      src/lib/openjp2/tcd.c.
    - debian/patches/CVE-2020-27814-2.patch: grow it again
    - debian/patches/CVE-2020-27814-3.patch: and some more
    - debian/patches/CVE-2020-27814-4.patch: bigger, BIGGER!!!
    - CVE-2020-27814
  * SECURITY UPDATE: heap-buffer-overflow write
    - debian/patches/CVE-2020-27823.patch: fix wrong computation in
      src/bin/jp2/convertpng.c.
    - CVE-2020-27823
  * SECURITY UPDATE: global-buffer-overflow
    - debian/patches/CVE-2020-27824.patch: avoid global buffer overflow on
      irreversible conversion when too many decomposition levels are
      specified in src/lib/openjp2/dwt.c.
    - CVE-2020-27824
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2020-27841.patch: add extra checks to
      src/lib/openjp2/pi.c, src/lib/openjp2/pi.h, src/lib/openjp2/t2.c.
    - CVE-2020-27841
  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2020-27842.patch: add check to
      src/lib/openjp2/t2.c.
    - CVE-2020-27842
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2020-27843.patch: add check to
      src/lib/openjp2/t2.c.
    - CVE-2020-27843
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2020-27845.patch: add extra checks to
      src/lib/openjp2/pi.c.
    - CVE-2020-27845

Date: Wed, 06 Jan 2021 09:44:46 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openjpeg2/2.3.1-1ubuntu5
-------------- next part --------------
Format: 1.8
Date: Wed, 06 Jan 2021 09:44:46 -0500
Source: openjpeg2
Architecture: source
Version: 2.3.1-1ubuntu5
Distribution: hirsute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Original-Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel at lists.alioth.debian.org>