Branch: refs/heads/release-16.09
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 608276a36fab2c595bc78bcaa4d4d15d2bd7d823
      https://github.com/NixOS/nixpkgs/commit/608276a36fab2c595bc78bcaa4d4d15d2bd7d823
  Author: Graham Christensen <[email protected]>
  Date:   2017-01-07 (Sat, 07 Jan 2017)

  Changed paths:
    M pkgs/development/libraries/openjpeg/2.1.nix

  Log Message:
  -----------
  openjpeg2: patch for multiple CVEs

 -  Floating Point Exception (aka FPE or divide by zero) in
    opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG
    2.1.2. (CVE-2016-9112)

 -  There is a NULL Pointer Access in function imagetopnm of
    convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is
    not assigned a value after initialization(NULL). Impact is Denial of
    Service. (CVE-2016-9114)

 -  NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in
    OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a
    crafted j2k file. (CVE-2016-9116)

 -  Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of
    convert.c:1719 in OpenJPEG 2.1.2. (CVE-2016-9118)

(cherry picked from commit 428927ffa6e5c255ef97f62435b0777f8f9481df)


_______________________________________________
nix-commits mailing list
[email protected]
http://lists.science.uu.nl/mailman/listinfo/nix-commits
