-
openjpeg2 (2.1.2-1.1+deb9u6build0.16.04.1) xenial-security; urgency=medium
* fake sync from Debian
openjpeg2 (2.1.2-1.1+deb9u6) stretch-security; urgency=medium
* Non-maintainer upload by the LTS Security Team.
* Fix CVE-2020-27814: A heap-buffer overflow in the way openjpeg2
handled certain PNG format files.
* Fix CVE-2020-27823: Wrong computation of x1,y1 if -d option is used,
resulting in heap buffer overflow.
* Fix CVE-2020-27824: avoid global buffer overflow on irreversible conversion when
too many decomposition levels are specified.
* Fix CVE-2020-27841: crafted input to be processed by the openjpeg encoder
could cause an out-of-bounds read.
* Fix CVE-2020-27844: crafted input to be processed by the openjpeg encoder
could cause an out-of-bounds write.
* Fix CVE-2020-27845: crafted input can cause out-of-bounds-read.
-- Eduardo Barretto <email address hidden> Mon, 15 Mar 2021 11:35:23 +0100
-
openjpeg2 (2.1.2-1.1+deb9u5build0.16.04.1) xenial-security; urgency=medium
* fake sync from Debian
-- Mike Salvatore <email address hidden> Mon, 14 Sep 2020 12:31:30 -0400
-
openjpeg2 (2.1.2-1.1+deb9u3build0.16.04.1) xenial-security; urgency=medium
* SECURITY UPDATE: sync from Debian stretch-security
openjpeg2 (2.1.2-1.1+deb9u3) stretch-security; urgency=medium
* Non-maintainer upload by the Security Team.
* CVE-2018-14423: Division-by-zero vulnerabilities in the functions
pi_next_pcrl, pi_next_cprl, and pi_next_rpcl (closes: #904873).
* CVE-2018-6616: Excessive Iteration in opj_t1_encode_cblks
(closes: #889683).
* CVE-2017-17480: Write stack buffer overflow due to missing buffer
length formatter in fscanf call (closes: #884738).
* CVE-2018-18088: Null pointer dereference caused by null image
components in imagetopnm (closes: #910763).
* CVE-2018-5785: Integer overflow in convertbmp.c (closes: #888533).
-- Steve Beattie <email address hidden> Tue, 11 Jun 2019 15:34:16 -0700
-
openjpeg2 (2.1.2-1.1+deb9u2build0.1) xenial-security; urgency=medium
* SECURITY UPDATE: sync from Debian stretch-security
- Ubuntu changes were applied upstream, so dropping.
openjpeg2 (2.1.2-1.1+deb9u2) stretch-security; urgency=medium
* Fix whitespace/indent mess
* CVE-2017-14039: CVE-2017-14039.patch
* CVE-2017-14040: 2cd30c2b06ce332dede81cccad8b334cde997281.patch
* CVE-2017-14041: e5285319229a5d77bf316bb0d3a6cbd3cb8666d9.patch
* CVE-2017-14151: afb308b9ccbe129608c9205cf3bb39bbefad90b9.patch
* CVE-2017-14152: dcac91b8c72f743bda7dbfa9032356bc8110098a.patch
openjpeg2 (2.1.2-1.1+deb9u1) stretch-security; urgency=medium
* CVE-2016-9118: c22cbd8bdf8ff2ae372f94391a4be2d322b36b41.patch
* CVE-2016-5152: 3fbe71369019df0b47c7a2be4fab8c05768f2f32.patch
* CVE-2016-1628: 11445eddad7e7fa5b273d1c83c91011c44e5d586.patch
* CVE-2016-10504: 397f62c0a838e15d667ef50e27d5d011d2c79c04.patch
openjpeg2 (2.1.2-1.1) unstable; urgency=medium
* Non-maintainer upload.
* Add CVE-2016-9572_CVE-2016-9573.patch patch.
CVE-2016-9572: NULL pointer dereference in input decoding
CVE-2016-9573: Heap out-of-bounds read due to insufficient check in
imagetopnm(). (Closes: #851422)
openjpeg2 (2.1.2-1) unstable; urgency=medium
* New upstream. Closes: #839120
* Fix CVE-2016-7163. Closes: #837604
* Fix CVE-2016-7445. Closes: #838690
* Remove patches applied upstream:
openjpeg2 (2.1.1-1) unstable; urgency=medium
* New upstream. Closes: #829734
+ d/watch points toward github now
+ Fix man page typos. Closes: #772889, #784377
+ Raise priority to optional. Closes: #822577
+ Fix multiple CVEs: Closes: #800453, #800149, #818399
* Fix pc file. Closes: #787383
* Remove reference to contrib. Closes: #820190
* Bump Std-Vers to 3.9.8, no changes needed
-- Eduardo Barretto <email address hidden> Thu, 30 Aug 2018 15:03:28 -0300
-
openjpeg2 (2.1.0-2.1ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: Out-of-bound heap write possible resulting
in heap corruption and arbitrary code execution (lp: #1630702)
- debian/patches/CVE-2016-8332.patch: fix incrementing of
"l_tcp->m_nb_mcc_records" in opj_j2k_read_mcc
in src/lib/openjp2/j2k.c.
- CVE-2016-8332
* SECURITY UPDATE: Integer overflow possible resulting in
arbitrary code execution via a crafted JP2 file,
triggering out-of-bound read or write (lp: #1630702)
- debian/patches/CVE-2016-7163.patch: fix an integer
overflow issue in function opj_pi_create_decode of
pi.c in src/lib/openjp2/pi.c.
- CVE-2016-7163
-- Nikita Yerenkov-Scott <email address hidden> Sat, 08 Oct 2016 16:10:43 +0100
-
openjpeg2 (2.1.0-2.1) unstable; urgency=high
* Non-maintainer upload.
* Apache 2.4 transition: (Closes: #786333)
+ d/rules: Added --with apache2.
+ Drop d/libopenjpip-server.install.
+ Drop d/libopenjpip-server.prerm.
+ d/control: Add build-depends on dh-apache2, replace depends on
apache2.2-bin by ${misc:Recommends}, add recommends on
libapache2-mod-fastcgi.
+ New d/libopenjpip-server.conf for apache2 fastcgi setup.
+ Drop d/libopenjpip-server.load.
+ New d/libopenjpip-server.apache2 to set up the configuration.
-- Jean-Michel Vourgère <email address hidden> Thu, 21 May 2015 23:05:40 +0200