Package: openjpeg2 Severity: important Tags: security patch Version: 2.1.0-2
Hi, the following vulnerability was published for openjpeg2. CVE-2015-6581[0]: | Double free vulnerability in the | opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG | before r3002, as used in PDFium in Google Chrome before 45.0.2454.85, | allows remote attackers to execute arbitrary code or cause a denial of | service (heap memory corruption) by triggering a memory-allocation | failure. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-6581 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6581 jessie is affected as The upstream fix is here: https://github.com/uclouvain/openjpeg/commit/0fa5a17c98c4b8f9ee2286f4f0a50cf52a5fccb0 Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/
