[Pkg-phototools-devel] Bug#851422: openjpeg2: CVE-2016-9572 CVE-2016-9573
Salvatore Bonaccorso
carnil at debian.org
Sat Jan 14 18:50:19 UTC 2017
Source: openjpeg2
Version: 2.1.0-2
Severity: grave
Tags: security upstream patch
Justification: user security hole
Forwarded: https://github.com/uclouvain/openjpeg/issues/863
Control: fixed -1 2.1.0-2+deb8u2
Hi,
the following vulnerabilities were published for openjpeg2. Filing it
as RC severity, since Moritz's DSA for openjpeg2 will contain fixes
for those two CVEs, and not having those fixed in stretch would imply
a regression.
CVE-2016-9572[0] and CVE-2016-9573[1]. There is an upstream issue at
[2] with patch[3].
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-9572
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9572
[1] https://security-tracker.debian.org/tracker/CVE-2016-9573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9573
[2] https://github.com/uclouvain/openjpeg/issues/863
[3] https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d
Regards,
Salvatore