[Pkg-phototools-devel] Bug#939553: openjpeg2: CVE-2018-21010

Hugo Lefeuvre hle at debian.org
Mon Oct 7 09:16:12 BST 2019


Hi Salvatore, Matthieu,

I'm going to bump unstable to 2.3.1, this should address the four
currently open issues.

Matthieu, if you want to double check the debdiff before upload, let me know. :)

I might prepare a small jessie update for CVE-2018-21010. I had a quick
look, and so far it seems that this vulnerability would allow significant
heap write overflow. Hard to exploit, but this is enough for a DLA, in my
opinion.

Regarding stretch and buster, I don't think this is worth a DSA, but we
could fix this via a point update later on.

cheers,
Hugo

-- 
                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C