[Pkg-phototools-devel] Bug#939553: openjpeg2: CVE-2018-21010
Salvatore Bonaccorso
carnil at debian.org
Mon Oct 7 09:46:08 BST 2019
Hi,
On Mon, Oct 07, 2019 at 10:26:39AM +0200, Mathieu Malaterre wrote:
> > I might prepare a small jessie update for CVE-2018-21010. I had a quick
> > look, and so far it seems that this vulnerability would allow significant
> > heap write overflow. Hard to exploit, but this is enough for a DLA, in my
> > opinion.
> >
> > Regarding stretch and buster, I don't think this is worth a DSA, but we
> > could fix this via a point update later on.
Sounds sensible, so please go ahead as well with marking it as no-dsa
in the security-tracker!
Regards,
Salvatore
More information about the Pkg-phototools-devel
mailing list