[ubuntu/focal-proposed] openjpeg2 2.3.1-1ubuntu4 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Feb 19 15:45:13 UTC 2020


openjpeg2 (2.3.1-1ubuntu4) focal; urgency=medium

  * SECURITY UPDATE: denial of service via excessive iteration
    - debian/patches/CVE-2019-12973-1.patch: detect invalid file dimensions
      early in src/bin/jp2/convertbmp.c.
    - debian/patches/CVE-2019-12973-2.patch: avoid potential infinite loop
      in src/bin/jp2/convertbmp.c.
    - CVE-2019-12973
  * SECURITY UPDATE: heap overflow in opj_t1_clbl_decode_processor
    - debian/patches/CVE-2020-6851.patch: reject images whose
      coordinates are beyond INT_MAX in src/lib/openjp2/j2k.c.
    - CVE-2020-6851
  * SECURITY UPDATE: another heap overflow in opj_t1_clbl_decode_processor
    - debian/patches/CVE-2020-8112.patch: avoid integer overflow in
      src/lib/openjp2/tcd.c.
    - CVE-2020-8112

Date: Wed, 19 Feb 2020 09:52:00 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openjpeg2/2.3.1-1ubuntu4
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 19 Feb 2020 09:52:00 -0500
Source: openjpeg2
Architecture: source
Version: 2.3.1-1ubuntu4
Distribution: focal
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 openjpeg2 (2.3.1-1ubuntu4) focal; urgency=medium
 .
   * SECURITY UPDATE: denial of service via excessive iteration
     - debian/patches/CVE-2019-12973-1.patch: detect invalid file dimensions
       early in src/bin/jp2/convertbmp.c.
     - debian/patches/CVE-2019-12973-2.patch: avoid potential infinite loop
       in src/bin/jp2/convertbmp.c.
     - CVE-2019-12973
   * SECURITY UPDATE: heap overflow in opj_t1_clbl_decode_processor
     - debian/patches/CVE-2020-6851.patch: reject images whose
       coordinates are beyond INT_MAX in src/lib/openjp2/j2k.c.
     - CVE-2020-6851
   * SECURITY UPDATE: another heap overflow in opj_t1_clbl_decode_processor
     - debian/patches/CVE-2020-8112.patch: avoid integer overflow in
       src/lib/openjp2/tcd.c.
     - CVE-2020-8112
Original-Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

