[ubuntu/xenial-updates] openjpeg2 2.1.0-2.1ubuntu0.1 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Fri Oct 14 13:28:11 UTC 2016
openjpeg2 (2.1.0-2.1ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: Out-of-bound heap write possible resulting
in heap corruption and arbitrary code execution (lp: #1630702)
- debian/patches/CVE-2016-8332.patch: fix incrementing of
"l_tcp->m_nb_mcc_records" in opj_j2k_read_mcc
in src/lib/openjp2/j2k.c.
- CVE-2016-8332
* SECURITY UPDATE: Integer overflow possible resulting in
arbitrary code execution via a crafted JP2 file,
triggering out-of-bound read or write (lp: #1630702)
- debian/patches/CVE-2016-7163.patch: fix an integer
overflow issue in function opj_pi_create_decode of
pi.c in src/lib/openjp2/pi.c.
- CVE-2016-7163
Date: 2016-10-14 12:07:13.879147+00:00
Changed-By: Nikita Yerenkov-Scott <cooks.go.hungry at gmail.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/openjpeg2/2.1.0-2.1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list