[Pkg-phototools-devel] Bug#851422: openjpeg2: CVE-2016-9572 CVE-2016-9573

Salvatore Bonaccorso carnil at debian.org
Sat Jan 14 18:50:19 UTC 2017


Source: openjpeg2
Version: 2.1.0-2
Severity: grave
Tags: security upstream patch
Justification: user security hole
Forwarded: https://github.com/uclouvain/openjpeg/issues/863
Control: fixed -1 2.1.0-2+deb8u2

Hi,

the following vulnerabilities were published for openjpeg2. Filing it
as RC severity, since Moritz's DSA for openjpeg2 will contain fixes
for those two CVEs, and not having those fixed in stretch would imply
a regression.

CVE-2016-9572[0] and CVE-2016-9573[1]. There is an upstream issue at
[2] with patch[3].

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9572
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9572
[1] https://security-tracker.debian.org/tracker/CVE-2016-9573
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9573
[2] https://github.com/uclouvain/openjpeg/issues/863
[3] https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d

Regards,
Salvatore


