[ubuntu/disco-proposed] opencv 3.2.0+dfsg-5ubuntu1 (Accepted)

Gianfranco Costamagna locutusofborg at debian.org
Wed Nov 28 18:38:21 UTC 2018


opencv (3.2.0+dfsg-5ubuntu1) disco; urgency=low

  * Merge from Debian unstable.  Remaining changes:
  * SECURITY UPDATE: Out-of-bounds read/write errors and buffer
    overflows in different functions.
    - debian/patches/CVE-2017-several.patch: fix in bitstrm.cpp,
      bitstrm.hpp, grfmt_bmp.cpp, grfmt_pxm.cpp, loadsave.cpp,
      test_grfmt.cpp and cuda_test.cpp.
    - CVE-2016-1516
    - CVE-2016-1517
    - CVE-2017-12597
    - CVE-2017-12598
    - CVE-2017-12599
    - CVE-2017-12600
    - CVE-2017-12601
    - CVE-2017-12602
    - CVE-2017-12603
    - CVE-2017-12604
    - CVE-2017-12605
    - CVE-2017-12606
    - CVE-2017-12862
    - CVE-2017-12863
    - CVE-2017-12864
  * SECURITY UPDATE: Out of bound write cause segmentation fault
    - debian/patches/CVE-2017-14136.patch: fix in grfmt_bmp.cpp,
      grfmt_exr.cpp, grfmt_jpeg.cpp, grfmt_jpeg2000.cpp,
      grfmt_pam.cpp, grfmt_sunras.cpp, utils.cpp and utils.hpp.
    - CVE-2017-14136
  * SECURITY UPDATE: Buffer Overflow in the cv::PxMDecoder::readData
    function in grfmt_pxm.cpp
    - debian/patches/CVE-2017-17760.patch: fix in grfmt_pxm.cpp.
    - CVE-2017-17760
  * SECURITY UPDATE: Integer overflow may lead to remote execution or
    denial of service
    - debian/patches/CVE-2017-1000450.patch: fix in grfmt_bmp.cpp.
    - CVE-2017-1000450
  * SECURITY UPDATE: A heap-based buffer overflow happens in
    cv::Jpeg2KDecoder::readComponent8u when parsing a crafted image file
    - debian/patches/CVE-2018-5268.patch: fix in grfmt_jpeg2000.cpp.
    - CVE-2018-5268
  * SECURITY UPDATE: an assertion failure happens in
    cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because
    of an incorrect integer cast.
    - debian/patches/CVE-2018-5269.patch: add overflow checks.
    - CVE-2018-5269

Date: Wed, 28 Nov 2018 19:35:26 +0100
Changed-By: Gianfranco Costamagna <locutusofborg at debian.org>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/opencv/3.2.0+dfsg-5ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 28 Nov 2018 19:35:26 +0100
Source: opencv
Binary: opencv-doc libopencv-dev opencv-data libopencv-core-dev libopencv-core3.2 libopencv-ml-dev libopencv-ml3.2 libopencv-imgproc-dev libopencv-imgproc3.2 libopencv-imgcodecs-dev libopencv-imgcodecs3.2 libopencv-video-dev libopencv-video3.2 libopencv-videoio-dev libopencv-videoio3.2 libopencv-objdetect-dev libopencv-objdetect3.2 libopencv-highgui-dev libopencv-highgui3.2 libopencv-calib3d-dev libopencv-calib3d3.2 libopencv-flann-dev libopencv-flann3.2 libopencv-features2d-dev libopencv-features2d3.2 libopencv-ts-dev libopencv-photo-dev libopencv-photo3.2 libopencv-videostab-dev libopencv-videostab3.2 libopencv-stitching-dev libopencv-stitching3.2 libopencv-shape-dev libopencv-shape3.2 libopencv-superres-dev libopencv-superres3.2 libopencv-viz-dev libopencv-viz3.2 libopencv-contrib-dev libopencv-contrib3.2 libopencv3.2-java libopencv3.2-jni python-opencv python3-opencv
Architecture: source
Version: 3.2.0+dfsg-5ubuntu1
Distribution: disco
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Gianfranco Costamagna <locutusofborg at debian.org>
Description:
 libopencv-calib3d-dev - development files for libopencv-calib3d3.2
 libopencv-calib3d3.2 - computer vision Camera Calibration library
 libopencv-contrib-dev - development files for libopencv-contrib3.2
 libopencv-contrib3.2 - computer vision contrlib library
 libopencv-core-dev - development files for libopencv-core3.2
 libopencv-core3.2 - computer vision core library
 libopencv-dev - development files for opencv
 libopencv-features2d-dev - development files for libopencv-features2d3.2
 libopencv-features2d3.2 - computer vision Feature Detection and Descriptor Extraction libra
 libopencv-flann-dev - development files for libopencv-flann3.2
 libopencv-flann3.2 - computer vision Clustering and Search in Multi-Dimensional spaces
 libopencv-highgui-dev - development files for libopencv-highgui3.2
 libopencv-highgui3.2 - computer vision High-level GUI and Media I/O library
 libopencv-imgcodecs-dev - development files for libopencv-imgcodecs3.2
 libopencv-imgcodecs3.2 - computer vision Image Codecs library
 libopencv-imgproc-dev - development files for libopencv-imgproc3.2
 libopencv-imgproc3.2 - computer vision Image Processing library
 libopencv-ml-dev - development files for libopencv-ml3.2
 libopencv-ml3.2 - computer vision Machine Learning library
 libopencv-objdetect-dev - development files for libopencv-objdetect3.2
 libopencv-objdetect3.2 - computer vision Object Detection library
 libopencv-photo-dev - development files for libopencv-photo3.2
 libopencv-photo3.2 - computer vision computational photography library
 libopencv-shape-dev - development files for libopencv-shape3.2
 libopencv-shape3.2 - computer vision shape descriptors and matchers library
 libopencv-stitching-dev - development files for libopencv-stitching3.2
 libopencv-stitching3.2 - computer vision image stitching library
 libopencv-superres-dev - development files for libopencv-superres3.2
 libopencv-superres3.2 - computer vision Super Resolution library
 libopencv-ts-dev - development files for TS library of OpenCV (Open Computer Vision)
 libopencv-video-dev - development files for libopencv-video3.2
 libopencv-video3.2 - computer vision Video analysis library
 libopencv-videoio-dev - development files for libopencv-videoio3.2
 libopencv-videoio3.2 - computer vision Video I/O library
 libopencv-videostab-dev - development files for libopencv-videostab3.2
 libopencv-videostab3.2 - computer vision video stabilization library
 libopencv-viz-dev - development files for libopencv-viz3.2
 libopencv-viz3.2 - computer vision 3D data visualization library
 libopencv3.2-java - Java bindings for the computer vision library
 libopencv3.2-jni - Java jni library for the computer vision library
 opencv-data - development data for opencv
 opencv-doc - OpenCV documentation and examples
 python-opencv - Python bindings for the computer vision library
 python3-opencv - Python 3 bindings for the computer vision library
Changes:
 opencv (3.2.0+dfsg-5ubuntu1) disco; urgency=low
 .
   * Merge from Debian unstable.  Remaining changes:
   * SECURITY UPDATE: Out-of-bounds read/write errors and buffer
     overflows in different functions.
     - debian/patches/CVE-2017-several.patch: fix in bitstrm.cpp,
       bitstrm.hpp, grfmt_bmp.cpp, grfmt_pxm.cpp, loadsave.cpp,
       test_grfmt.cpp and cuda_test.cpp.
     - CVE-2016-1516
     - CVE-2016-1517
     - CVE-2017-12597
     - CVE-2017-12598
     - CVE-2017-12599
     - CVE-2017-12600
     - CVE-2017-12601
     - CVE-2017-12602
     - CVE-2017-12603
     - CVE-2017-12604
     - CVE-2017-12605
     - CVE-2017-12606
     - CVE-2017-12862
     - CVE-2017-12863
     - CVE-2017-12864
   * SECURITY UPDATE: Out of bound write cause segmentation fault
     - debian/patches/CVE-2017-14136.patch: fix in grfmt_bmp.cpp,
       grfmt_exr.cpp, grfmt_jpeg.cpp, grfmt_jpeg2000.cpp,
       grfmt_pam.cpp, grfmt_sunras.cpp, utils.cpp and utils.hpp.
     - CVE-2017-14136
   * SECURITY UPDATE: Buffer Overflow in the cv::PxMDecoder::readData
     function in grfmt_pxm.cpp
     - debian/patches/CVE-2017-17760.patch: fix in grfmt_pxm.cpp.
     - CVE-2017-17760
   * SECURITY UPDATE: Integer overflow may lead to remote execution or
     denial of service
     - debian/patches/CVE-2017-1000450.patch: fix in grfmt_bmp.cpp.
     - CVE-2017-1000450
   * SECURITY UPDATE: A heap-based buffer overflow happens in
     cv::Jpeg2KDecoder::readComponent8u when parsing a crafted image file
     - debian/patches/CVE-2018-5268.patch: fix in grfmt_jpeg2000.cpp.
     - CVE-2018-5268
   * SECURITY UPDATE: an assertion failure happens in
     cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because
     of an incorrect integer cast.
     - debian/patches/CVE-2018-5269.patch: add overflow checks.
     - CVE-2018-5269
Checksums-Sha1:
 96e3b34a23dfbad36ee745fd1f6cebff2c7f077f 5992 opencv_3.2.0+dfsg-5ubuntu1.dsc
 0be98eff1041b262f92921d7310b6e7385a9c6bb 38788 opencv_3.2.0+dfsg-5ubuntu1.debian.tar.xz
 10b45171a59b07cbca6a80efacaa34ede86bb7d3 20800 opencv_3.2.0+dfsg-5ubuntu1_source.buildinfo
Checksums-Sha256:
 11d4b3523ca528e3abaf90552dc18039484d3207ea1bbf7966fa97b4b6549885 5992 opencv_3.2.0+dfsg-5ubuntu1.dsc
 33a2ac764df306ea1b40ceb0fe7fd4701143343f38cdc5131f69cab607a563a9 38788 opencv_3.2.0+dfsg-5ubuntu1.debian.tar.xz
 c14cc112be014c51e4719db0033d973031f4d17a5c05387b8ebf225ae0d43a01 20800 opencv_3.2.0+dfsg-5ubuntu1_source.buildinfo
Files:
 406ccb9d8133586ce6e3df2225918cf3 5992 devel optional opencv_3.2.0+dfsg-5ubuntu1.dsc
 d7a10535b8d667c4697e4a941225f7ec 38788 devel optional opencv_3.2.0+dfsg-5ubuntu1.debian.tar.xz
 d660032fec5529d6d3d92185ca7323d6 20800 devel optional opencv_3.2.0+dfsg-5ubuntu1_source.buildinfo
Original-Maintainer: Debian Science Team <debian-science-maintainers at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEkpeKbhleSSGCX3/w808JdE6fXdkFAlv+4EwACgkQ808JdE6f
XdlZLg/8DKyBWbR76ldget+wuGapOxSrHo9Xi9V6CqTfuNA4hv7bm1yHlW2YyviC
C13E1EAiqMJgBvxACJMi3GYlROgjlCB2fBiA3iuC0/9j4yuoZOr6hBE4BNxJsW6m
ScQ77Gr+x+FvNF2wKwGUR6VJGs8woy2Su3hH0+8AdiRLq004mW99tatCT1pF4sN1
UpgwkFkfVxasS3nvQIKvrnc8/QBJVgTab+bBz3qNCJov+HpZnVX1pWYWlSFSjIIF
cB6GuUOJVQz4tUG3pUhApp57aWazC26aLWm9h1IGGaDI48U6t9/XdOMuz20WD4ek
0CpN/FpqhGhGOZDxR0sy8T8nVYKscUrGvBADvaOUoL1QBgP2kZFYDwjh3/DIV2qt
T67xELByCJs70UMc+zeEofLzQ95wIkSiRAchTEIiy0xzR9PRv4PK5cp6Uv+It5kJ
aoVx6SL7vDX28OI262cDbD+lggH76WfgapihifivvEJvIfMVwhBsib3DQE04Ggz+
ci70Nux7mazAPYuj409r+gNI9F8alt6DVtU250gi+mKuprsbFK58j+az6UDFMjym
jpW5TdqP1PAac398Kit5UeAix3aAPuNN0beb6/NHXcFmPTYt326BtZNOMQPzJh5P
HRBLtYRymHsPWLbJ8b4+rvRifl/EJ5lx20BbfhSH+LmwXJ2B9LA=
=Nt12
-----END PGP SIGNATURE-----


More information about the Disco-changes mailing list