[ubuntu/xenial-updates] openjpeg2 2.1.2-1.1+deb9u5build0.16.04.1 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Sep 14 19:28:14 UTC 2020

openjpeg2 (2.1.2-1.1+deb9u5build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

openjpeg2 (2.1.2-1.1+deb9u5) stretch-security; urgency=high

  * Non-maintainer upload by the LTS team.
  * Fix CVE-2020-15389: opj_decompress: fix double-free
    on input directory with mix of valid and invalid image.
  * Fix CVE-2020-8112: opj_tcd_init_tile(): avoid integer
    overflow. (Closes: #950184)
  * Fix CVE-2020-6851: opj_j2k_update_image_dimensions(): reject
    images whose coordinates are beyond INT_MAX. (Closes: #950000)
  * Fix CVE-2019-12973: convertbmp: detect invalid file dimensions
    early and bmp_read_rle4_data(): avoid potential infinite loop.
    (Closes: #931292)

openjpeg2 (2.1.2-1.1+deb9u4) stretch; urgency=medium

  * Non-maintainer upload.
  * CVE-2018-21010: heap buffer overflow in color_apply_icc_profile
    (Closes: #939553).
  * CVE-2018-20847: improper computation of values in the function
    opj_get_encoding_parameters, leading to an integer overflow
    (Closes: #931294).
  * CVE-2016-9112: floating point exception or divide by zero in the
    function opj_pi_next_cprl (Closes: #844551).

Date: 2020-09-14 17:22:13.098007+00:00
Changed-By: Mike Salvatore <mike.salvatore at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
-------------- next part --------------
Sorry, changesfile not available.