[ubuntu/xenial-security] openjpeg2 2.1.2-1.1+deb9u5build0.16.04.1 (Accepted)
Mike Salvatore
mike.salvatore at canonical.com
Mon Sep 14 18:42:31 UTC 2020
openjpeg2 (2.1.2-1.1+deb9u5build0.16.04.1) xenial-security; urgency=medium
* fake sync from Debian
openjpeg2 (2.1.2-1.1+deb9u5) stretch-security; urgency=high
* Non-maintainer upload by the LTS team.
* Fix CVE-2020-15389: opj_decompress: fix double-free
on input directory with mix of valid and invalid image.
* Fix CVE-2020-8112: opj_tcd_init_tile(): avoid integer
overflow. (Closes: #950184)
* Fix CVE-2020-6851: opj_j2k_update_image_dimensions(): reject
images whose coordinates are beyond INT_MAX. (Closes: #950000)
* Fix CVE-2019-12973: convertbmp: detect invalid file dimensions
early and bmp_read_rle4_data(): avoid potential infinite loop.
(Closes: #931292)
openjpeg2 (2.1.2-1.1+deb9u4) stretch; urgency=medium
* Non-maintainer upload.
* CVE-2018-21010: heap buffer overflow in color_apply_icc_profile
(Closes: #939553).
* CVE-2018-20847: improper computation of values in the function
opj_get_encoding_parameters, leading to an integer overflow
(Closes: #931294).
* CVE-2016-9112: floating point exception or divide by zero in the
function opj_pi_next_cprl (Closes: #844551).
Date: 2020-09-14 17:22:13.098007+00:00
Changed-By: Mike Salvatore <mike.salvatore at canonical.com>
https://launchpad.net/ubuntu/+source/openjpeg2/2.1.2-1.1+deb9u5build0.16.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list