Summary: | <media-libs/openjpeg-2.2.0: Multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | graphics+disabled |
Priority: | Normal | Keywords: | STABLEREQ |
Version: | unspecified | Flags: | stable-bot: sanity-check+ |
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2016/12/09/4 | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=628414 https://bugs.gentoo.org/show_bug.cgi?id=628416 https://bugs.gentoo.org/show_bug.cgi?id=628418 https://bugs.gentoo.org/show_bug.cgi?id=628420 https://bugs.gentoo.org/show_bug.cgi?id=628422 | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: | =media-libs/openjpeg-2.2.0 | ||
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 606618, 629372 |
Description
Thomas Deutschmann (RETIRED)
2016-12-09 18:03:44 UTC
Upstream patch: https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255

CVE-2016-9112: FPE (Floating Point Exception) in lib/openjp2/pi.c:523
https://github.com/uclouvain/openjpeg/issues/855

CVE-2016-9113: NULL pointer dereference in function imagetobmp
https://github.com/uclouvain/openjpeg/issues/856

CVE-2016-9114: NULL pointer access in function imagetopnm
https://github.com/uclouvain/openjpeg/issues/857

CVE-2016-9115: Heap-buffer overflow in function imagetotga
https://github.com/uclouvain/openjpeg/issues/858

CVE-2016-9116: NULL pointer access in function imagetopnm
https://github.com/uclouvain/openjpeg/issues/859

CVE-2016-9117: NULL pointer access in function imagetopnm
https://github.com/uclouvain/openjpeg/issues/860

CVE-2016-9118: Heap-buffer overflow in function pnmtoimage
https://github.com/uclouvain/openjpeg/issues/861

Update:

CVE-2016-1626: Fixed, https://github.com/uclouvain/openjpeg/issues/850
CVE-2016-1628: Fixed, https://github.com/uclouvain/openjpeg/issues/850
CVE-2016-3183: Fixed, https://github.com/uclouvain/openjpeg/issues/726
CVE-2016-5139: Fixed, https://github.com/uclouvain/openjpeg/pull/819
CVE-2016-5152: Fixed, https://github.com/uclouvain/openjpeg/issues/854
CVE-2016-5157: Fixed, https://github.com/uclouvain/openjpeg/pull/823
CVE-2016-5158: Fixed, https://github.com/uclouvain/openjpeg/issues/854
CVE-2016-7445: Fixed, https://github.com/uclouvain/openjpeg/issues/843
CVE-2016-9112: Fixed, https://github.com/uclouvain/openjpeg/issues/855
CVE-2016-9113: UNKNOWN, https://github.com/uclouvain/openjpeg/issues/856
CVE-2016-9114: UNKNOWN, https://github.com/uclouvain/openjpeg/issues/857
CVE-2016-9115: UNKNOWN, https://github.com/uclouvain/openjpeg/issues/858
CVE-2016-9116: UNKNOWN, https://github.com/uclouvain/openjpeg/issues/859
CVE-2016-9117: UNKNOWN, https://github.com/uclouvain/openjpeg/issues/860
CVE-2016-9118: Fixed, https://github.com/uclouvain/openjpeg/issues/861
CVE-2016-9580: Fixed, https://github.com/uclouvain/openjpeg/issues/871
CVE-2016-9581: Fixed, https://github.com/uclouvain/openjpeg/issues/872

Freeing/Updating aliases. We will split out the remaining/unknown vulnerabilities.

Removing "cve" flag, CVE list must be updated.

@ Arches, please test and mark stable: =media-libs/openjpeg-2.2.0

x86 stable

ia64 stable

arm stable

amd64 stable

FTR 2.2.0 is still affected by some issues. I'd suggest to bump a snapshot or wait for 2.2.1

alpha stable

(In reply to Agostino Sarubbo from comment #9)
> FTR 2.2.0 is still affected by some issues. I'd suggest to bump a snapshot
> or wait for 2.2.1

Ago can you please describe the issues. If there is a fix for it let's bump it.

sparc was dropped to exp. https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5901d8f716555a1479f12313a2925fcadd177a9

@arches, ping.

hppa/ppc/ppc64 stable

@maintainer(s), please let us know if this can be cleaned or the proper masks applied. Thanks!

This issue was resolved and addressed in GLSA 201710-26 at https://security.gentoo.org/glsa/201710-26 by GLSA coordinator Aaron Bauman (b-man).