[ubuntu/plucky-proposed] openjpeg2 2.5.0-2ubuntu3 (Accepted)

Hlib Korzhynskyy hlib.korzhynskyy at canonical.com
Thu Jan 23 15:54:15 UTC 2025 

openjpeg2 (2.5.0-2ubuntu3) plucky; urgency=medium

  * SECURITY UPDATE: Heap buffer overflow.
    - debian/patches/CVE-2024-56826.patch: Add comp12w variable and
      comparisons in src/bin/common/color.c.
    - debian/patches/CVE-2024-56827.patch: Add l_current_tile_part comparison
      to check again total number of tile parts in src/bin/openjp2/j2k.c.
    - CVE-2024-56826
    - CVE-2024-56827

Date: Thu, 23 Jan 2025 09:24:35 -0330
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/openjpeg2/2.5.0-2ubuntu3
-------------- next part --------------
Format: 1.8
Date: Thu, 23 Jan 2025 09:24:35 -0330
Source: openjpeg2
Built-For-Profiles: noudeb
Architecture: source
Version: 2.5.0-2ubuntu3
Distribution: plucky
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
Changes:
 openjpeg2 (2.5.0-2ubuntu3) plucky; urgency=medium
 .
   * SECURITY UPDATE: Heap buffer overflow.
     - debian/patches/CVE-2024-56826.patch: Add comp12w variable and
       comparisons in src/bin/common/color.c.
     - debian/patches/CVE-2024-56827.patch: Add l_current_tile_part comparison
       to check again total number of tile parts in src/bin/openjp2/j2k.c.
     - CVE-2024-56826
     - CVE-2024-56827
Checksums-Sha1:
 49e267ef337e15b647d073ea431e47c0c64a0017 2780 openjpeg2_2.5.0-2ubuntu3.dsc
 fc5be953b11864c665ac22cbd1fa1dfaa370e33f 19968 openjpeg2_2.5.0-2ubuntu3.debian.tar.xz
 ee47241e84ea3131475b95189a4a6de7134921aa 10183 openjpeg2_2.5.0-2ubuntu3_source.buildinfo
Checksums-Sha256:
 aa8cf562a4f20f2836da292422763a85b3e1ab552f0b6343f5c4556397673506 2780 openjpeg2_2.5.0-2ubuntu3.dsc
 04d4424e74f483e96e7926f989389cd6992f61ccc375f2c15a898c93f90fcced 19968 openjpeg2_2.5.0-2ubuntu3.debian.tar.xz
 69e28f6a93ab866827915a20535e51c0986cd9b845a5c555e5634d6e68311c28 10183 openjpeg2_2.5.0-2ubuntu3_source.buildinfo
Files:
 d374b933de478549ae975ad0ac54ee03 2780 libs optional openjpeg2_2.5.0-2ubuntu3.dsc
 67100be87c0af7776d54ed1f9b69b704 19968 libs optional openjpeg2_2.5.0-2ubuntu3.debian.tar.xz
 b2e4bedc6efd4d09df453174e9962836 10183 libs optional openjpeg2_2.5.0-2ubuntu3_source.buildinfo
Original-Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel at lists.alioth.debian.org>

More information about the plucky-changes mailing list