> https://github.com/uclouvain/openjpeg/issues/871 CVE-2016-9580 integer overflow in tiftoimage resulting into heap buffer overflow > https://github.com/uclouvain/openjpeg/issues/872 CVE-2016-9581 infinite loop in tiftoimage resulting into heap buffer overflow in convert_32s_C1P1 Proposed fix: https://github.com/uclouvain/openjpeg/pull/873 Report source: http://www.openwall.com/lists/oss-security/2016/12/09/4
Upstream patch: https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255
CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 https://github.com/uclouvain/openjpeg/issues/855 CVE-2016-9113: NULL pointer dereference in function imagetobmp https://github.com/uclouvain/openjpeg/issues/856 CVE-2016-9114: NULL pointer access in function imagetopnm https://github.com/uclouvain/openjpeg/issues/857 CVE-2016-9115: Heap-buffer overflow in function imagetotga https://github.com/uclouvain/openjpeg/issues/858 CVE-2016-9116: NULL pointer access in function imagetopnm https://github.com/uclouvain/openjpeg/issues/859 CVE-2016-9117: NULL pointer access in function imagetopnm https://github.com/uclouvain/openjpeg/issues/860 CVE-2016-9118: Heap-buffer overflow in function pnmtoimage https://github.com/uclouvain/openjpeg/issues/861
Update: CVE-2016-1626: Fixed, https://github.com/uclouvain/openjpeg/issues/850 CVE-2016-1628: Fixed, https://github.com/uclouvain/openjpeg/issues/850 CVE-2016-3183: Fixed, https://github.com/uclouvain/openjpeg/issues/726 CVE-2016-5139: Fixed, https://github.com/uclouvain/openjpeg/pull/819 CVE-2016-5152: Fixed, https://github.com/uclouvain/openjpeg/issues/854 CVE-2016-5157: Fixed, https://github.com/uclouvain/openjpeg/pull/823 CVE-2016-5158: Fixed, https://github.com/uclouvain/openjpeg/issues/854 CVE-2016-7445: Fixed, https://github.com/uclouvain/openjpeg/issues/843 CVE-2016-9112: Fixed, https://github.com/uclouvain/openjpeg/issues/855 CVE-2016-9113: UNKNOWN, https://github.com/uclouvain/openjpeg/issues/856 CVE-2016-9114: UNKNOWN, https://github.com/uclouvain/openjpeg/issues/857 CVE-2016-9115: UNKNOWN, https://github.com/uclouvain/openjpeg/issues/858 CVE-2016-9116: UNKNOWN, https://github.com/uclouvain/openjpeg/issues/859 CVE-2016-9117: UNKNOWN, https://github.com/uclouvain/openjpeg/issues/860 CVE-2016-9118: Fixed, https://github.com/uclouvain/openjpeg/issues/861 CVE-2016-9580: Fixed, https://github.com/uclouvain/openjpeg/issues/871 CVE-2016-9581: Fixed, https://github.com/uclouvain/openjpeg/issues/872 Freeing/Updating aliases. We will split out the remaining/unknown vulnerabilities.
Removing "cve" flag, CVE list must be updated. @ Arches, please test and mark stable: =media-libs/openjpeg-2.2.0
x86 stable
ia64 stable
arm stable
amd64 stable
FTR 2.2.0 is still affected by some issues. I'd suggest to bump a snapshot or wait for 2.2.1
alpha stable
(In reply to Agostino Sarubbo from comment #9) > FTR 2.2.0 is still affected by some issues. I'd suggest to bump a snapshot > or wait for 2.2.1 Ago can you please describe the issues. If there is a fix for it lets bump it.
sparc was dropped to exp. https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5901d8f716555a1479f12313a2925fcadd177a9
@arches, ping.
hppa/ppc/ppc64 stable
@maintainer(s), please let us know if this can be cleaned or the proper masks applied. Thanks!
This issue was resolved and addressed in GLSA 201710-26 at https://security.gentoo.org/glsa/201710-26 by GLSA coordinator Aaron Bauman (b-man).