Heap-based buffer overflows. Described here: https://github.com/uclouvain/openjpeg/issues/1228 And here: https://github.com/uclouvain/openjpeg/issues/1231
CVE-2020-8112 (https://nvd.nist.gov/vuln/detail/CVE-2020-8112): opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. CVE-2020-6851 (https://nvd.nist.gov/vuln/detail/CVE-2020-6851): OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
CVE-2020-6851: ============== https://github.com/uclouvain/openjpeg/issues/1228 https://github.com/uclouvain/openjpeg/commit/024b8407392cb0b82b04b58ed256094ed5799e04 CVE-2020-8112: ============== https://github.com/uclouvain/openjpeg/issues/1231
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=26f7a380f84826f1b0b5510cd34e4f72894b5e8f commit 26f7a380f84826f1b0b5510cd34e4f72894b5e8f Author: Sam James (sam_c) <sam@cmpct.info> AuthorDate: 2020-03-22 01:56:44 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-03-25 22:42:02 +0000 media-libs/openjpeg: Patch CVEs in SLOT:2 Uses upstream patches to fix CVE-2020-6851, CVE-2020-8112. Bug: https://bugs.gentoo.org/707926 Signed-off-by: Sam James (sam_c) <sam@cmpct.info> Closes: https://github.com/gentoo/gentoo/pull/15049 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> .../files/openjpeg-2.3.1-CVE-2020-6851.patch | 29 +++++ .../files/openjpeg-2.3.1-CVE-2020-8112.patch | 43 +++++++ media-libs/openjpeg/openjpeg-2.3.1-r1.ebuild | 135 +++++++++++++++++++++ 3 files changed, 207 insertions(+)
An automated check of this bug failed - the following atom is unknown: edia-libs/openjpeg-2.3.1-r1 Please verify the atom list.
An automated check of this bug succeeded - the previous repoman errors are now resolved.
amd64 stable
ppc stable
ppc64 stable
sparc stable
x86 stable
s390 stable
hppa stable
arm64 stable despite test failure (looks like -r0 fails even more tests on a single try)
arm stable
ia64 will pass. See https://archives.gentoo.org/gentoo-dev/message/edaadc85d7423810dd6ecfeda29cc85f
@maintainer(s), please cleanup
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8fe3f2e1ea52b4d887f707ff3b0564862c5d7b86 commit 8fe3f2e1ea52b4d887f707ff3b0564862c5d7b86 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-03-31 17:57:39 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-03-31 17:57:50 +0000 media-libs/openjpeg: security cleanup (#707926) Bug: https://bugs.gentoo.org/707926 Package-Manager: Portage-2.3.96, Repoman-2.3.22 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> media-libs/openjpeg/openjpeg-2.3.1.ebuild | 133 ------------------------------ 1 file changed, 133 deletions(-)
GLSA Vote: No! Repository is clean, all done!