[Pkg-phototools-devel] Bug#939553: openjpeg2: CVE-2018-21010

Mathieu Malaterre malat at debian.org
Mon Oct 7 09:26:39 BST 2019


Hugo,

On Mon, Oct 7, 2019 at 10:16 AM Hugo Lefeuvre <hle at debian.org> wrote:
>
> Hi Salvatore, Matthieu,
>

s/Matthieu/Mathieu/

> I'm going to bump unstable to 2.3.1, this should address the four
> currently open issues.
>
> Matthieu, if you want to double check the debdiff before upload, let me know. :)

I was about to upload 2.3.1 this week, so this should be just fine.
Pay attention to 2.3.0-3 in your dch; that's all I really care about. I'll
import in git after the upload since it is ready.

> I might prepare a small jessie update for CVE-2018-21010. I had a quick
> look, and so far it seems that this vulnerability would allow significant
> heap write overflow. Hard to exploit, but this is enough for a DLA, in my
> opinion.
>
> Regarding stretch and buster, I don't think this is worth a DSA, but we
> could fix this via a point update later on.
>

good

> cheers,
> Hugo
>
> --
>                 Hugo Lefeuvre (hle)    |    www.owl.eu.com
> RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
> ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C


