Change logs for openjpeg2 source package in Impish

openjpeg2 (2.3.1-1ubuntu6) impish; urgency=medium

  * No-change rebuild to build packages with zstd compression.

 -- Matthias Klose <email address hidden>  Thu, 07 Oct 2021 12:21:57 +0200

openjpeg2 (2.3.1-1ubuntu5) hirsute; urgency=medium

  * SECURITY UPDATE: use-after-free via directory
    - debian/patches/CVE-2020-15389.patch: fix double-free on input
      directory with mix of valid and invalid images in
      src/bin/jp2/opj_decompress.c.
    - CVE-2020-15389
  * SECURITY UPDATE: heap-buffer-overflow
    - debian/patches/CVE-2020-27814-1.patch: grow buffer size in
      src/lib/openjp2/tcd.c.
    - debian/patches/CVE-2020-27814-2.patch: grow it again
    - debian/patches/CVE-2020-27814-3.patch: and some more
    - debian/patches/CVE-2020-27814-4.patch: bigger, BIGGER!!!
    - CVE-2020-27814
  * SECURITY UPDATE: heap-buffer-overflow write
    - debian/patches/CVE-2020-27823.patch: fix wrong computation in
      src/bin/jp2/convertpng.c.
    - CVE-2020-27823
  * SECURITY UPDATE: global-buffer-overflow
    - debian/patches/CVE-2020-27824.patch: avoid global buffer overflow on
      irreversible conversion when too many decomposition levels are
      specified in src/lib/openjp2/dwt.c.
    - CVE-2020-27824
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2020-27841.patch: add extra checks to
      src/lib/openjp2/pi.c, src/lib/openjp2/pi.h, src/lib/openjp2/t2.c.
    - CVE-2020-27841
  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2020-27842.patch: add check to
      src/lib/openjp2/t2.c.
    - CVE-2020-27842
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2020-27843.patch: add check to
      src/lib/openjp2/t2.c.
    - CVE-2020-27843
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2020-27845.patch: add extra checks to
      src/lib/openjp2/pi.c.
    - CVE-2020-27845

 -- Marc Deslauriers <email address hidden>  Wed, 06 Jan 2021 09:44:46 -0500