[Pkg-phototools-devel] Bug#874118: CVE-2017-14039: Heap-based buffer overflow in opj_t2_encode_packet function in lib/openjp2/t2.c
malat at debian.org
Mon Oct 16 19:22:41 UTC 2017
This is the second time you /saved/ me (sorry for my limited Spanish) :)
On Mon, Oct 16, 2017 at 7:12 PM, Salvatore Bonaccorso <carnil at debian.org> wrote:
> Hello Mathieu,
> On Mon, Oct 16, 2017 at 06:12:30PM +0200, Mathieu Malaterre wrote:
>> Control: severity -1 important
>> While I understand the this generic heap based buffer overflow ought
>> to be fixed in Debian stable, I fail to see why it is marked as
>> affecting stretch.
> In my initial report I wrote: "The issue is covered by , so trying
> to reproduce the issue leads to an assertion failure up to the version
> in sid instead."
> My point was, yes if you try to reproduce with current version you
> will reach the assertion, because it's yet covered by the missing
> commit 4241ae6fbbf1de9658764a80944dc8108f2b4154. Applying that as well
> shows the underlying issue.
Indeed I missed your carefully written bug report(s). Can't believe I
could not use one of those fancy AI to figure out the
whitespace/indent changes to merge those original commits.
Anyway I've manually fixed all those. Pushed +deb9u2 a moment ago.
Thanks again for your bug report(s) they contained all the details needed.
More information about the Pkg-phototools-devel