Your message dated Sat, 16 May 2026 23:41:35 +0000
with message-id <[email protected]>
and subject line Bug#1133832: fixed in openjpeg2 2.5.0-2+deb12u3
has caused the Debian Bug report #1133832,
regarding openjpeg2: CVE-2026-6192
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1133832: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133832
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: openjpeg2
Version: 2.5.4-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/uclouvain/openjpeg/issues/1619
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for openjpeg2.
CVE-2026-6192[0]:
| A vulnerability was identified in uclouvain openjpeg up to 2.5.4.
| This impacts the function opj_pi_initialise_encode in the library
| src/lib/openjp2/pi.c. The manipulation leads to integer overflow.
| The attack must be carried out locally. The exploit is publicly
| available and might be used. The identifier of the patch is
| 839936aa33eb8899bbbd80fda02796bb65068951. It is suggested to install
| a patch to address this issue.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-6192
https://www.cve.org/CVERecord?id=CVE-2026-6192
[1] https://github.com/uclouvain/openjpeg/issues/1619
[2] https://github.com/uclouvain/openjpeg/pull/1628
[3]
https://github.com/uclouvain/openjpeg/commit/839936aa33eb8899bbbd80fda02796bb65068951
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: openjpeg2
Source-Version: 2.5.0-2+deb12u3
Done: Moritz Mühlenhoff <[email protected]>
We believe that the bug you reported is fixed in the latest version of
openjpeg2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Moritz Mühlenhoff <[email protected]> (supplier of updated openjpeg2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 12 May 2026 15:15:10 +0200
Source: openjpeg2
Architecture: source
Version: 2.5.0-2+deb12u3
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian PhotoTools Maintainers
<[email protected]>
Changed-By: Moritz Mühlenhoff <[email protected]>
Closes: 1133832
Changes:
openjpeg2 (2.5.0-2+deb12u3) bookworm-security; urgency=medium
.
* CVE-2026-6192 (Closes: #1133832)
Checksums-Sha1:
2d13f4d510c7cf3e827a9b706c06f11bed405cbc 2705 openjpeg2_2.5.0-2+deb12u3.dsc
dbca041fa0101aca6216a7379c9d3dd3fc6891ba 20404
openjpeg2_2.5.0-2+deb12u3.debian.tar.xz
1183ecd71e8ec7ecd2382e2d63769ae28c749f5c 17902
openjpeg2_2.5.0-2+deb12u3_amd64.buildinfo
Checksums-Sha256:
f570a7c10d36f2d5b2553941e7821ed88d1cf7a93f9c49e7f6099e53f4491f47 2705
openjpeg2_2.5.0-2+deb12u3.dsc
36dedb0ca4c1659c173feac97c19b31985656f4cd112b1a4d54d54bc4133ad37 20404
openjpeg2_2.5.0-2+deb12u3.debian.tar.xz
c42423a48d4d918bf02e8a03f57717ab53b4969385a9ae0cb26bfb9517d00bae 17902
openjpeg2_2.5.0-2+deb12u3_amd64.buildinfo
Files:
b46e7de52c8d16e2dafd2a3b9a242729 2705 libs optional
openjpeg2_2.5.0-2+deb12u3.dsc
6162ae4f5cf0602884cf120ae4fe6a10 20404 libs optional
openjpeg2_2.5.0-2+deb12u3.debian.tar.xz
3ed182f095da0427b15ccc50df7fc3e9 17902 libs optional
openjpeg2_2.5.0-2+deb12u3_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmoDKJcACgkQEMKTtsN8
TjaGiA//djXL+JG6HAq1O+pqUZbIqoqf6xn+F6L186YJcCHhd6MQJeYdDKmxk6PZ
DNtM4dmcxhrb7MrNUxegfAsIhOeeuCsOd4qoEPttVTydkBn6Wbr38xycl8nuDSTy
S4wfFTPFfGk07cCEDI0xXrWUYjyRD6WNdYcpTZ8shitmvm/GnAjUhTCBz17zi9Uc
XcNAQ0AUXAHnQNzL/GND1NacYepD7RxVtxXlC4BbVfrzK3L0MmNqrxy+ZKqZPWTk
pU8L6CDOaC2NBqrwvrzxVGn+dNi8TyZQlmIEUwP2aPH2y2g3v/jCG4IriLlXXH9z
aA8h+xCHn3A0VOweE1BNWwyNLr4LCxKVzZYRzPn8Lav3apwWKEXMrzMP0MZESzIM
8lWbY5myB3Okfp7TTbeDoysEC2nOsVNkc1aTeDEOJlCNvvSKmKXEcDi0VHsC6kEp
B3c25tUmSQqAcqoxfCcXHC+bcsLCLkV6XJtY48DfOLh33Ul8/XZwUdVSU8nBHrQD
J4JAHqziASu5aDHSWaIoDdBYf4uct7WHV5XWUA9aOBlCT6gL0a7uwTfLH6s/cAbQ
1lzNudiRNPMilXACXkoQqPgALGw9/ijAlRQp8NIJHmahrKz3CV/tBSD8OuH/s8Z8
oxAIfyAYOqPGgMTHHaDHIoMyYa6eDKqczFThce9++RpX3vpTe88=
=EOwa
-----END PGP SIGNATURE-----
pgpN95flbjNGz.pgp
Description: PGP signature
--- End Message ---
