[ubuntu/xenial-updates] openjpeg2 2.1.2-1.1+deb9u6build0.16.04.1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Tue Mar 16 10:58:16 UTC 2021

openjpeg2 (2.1.2-1.1+deb9u6build0.16.04.1) xenial-security; urgency=medium

  * fake sync from Debian

openjpeg2 (2.1.2-1.1+deb9u6) stretch-security; urgency=medium

  * Non-maintainer upload by the LTS Security Team.
  * Fix CVE-2020-27814: A heap-buffer overflow in the way openjpeg2
    handled certain PNG format files.
  * Fix CVE-2020-27823: Wrong computation of x1,y1 if -d option is used,
    resulting in heap buffer overflow.
  * Fix CVE-2020-27824: avoid global buffer overflow on irreversible
    conversion when too many decomposition levels are specified.
  * Fix CVE-2020-27841: crafted input to be processed by the openjpeg encoder
    could cause an out-of-bounds read.
  * Fix CVE-2020-27844: crafted input to be processed by the openjpeg encoder
    could cause an out-of-bounds write.
  * Fix CVE-2020-27845: crafted input can cause out-of-bounds-read.

Date: 2021-03-16 09:30:09.507603+00:00
Changed-By: Eduardo Barretto <eduardo.barretto at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/openjpeg2/2.1.2-1.1+deb9u6build0.16.04.1
Sorry, changesfile not available.