[Pkg-phototools-devel] Bug#731237: openjpeg: CVE-2013-1447 CVE-2013-6045 CVE-2013-6052 CVE-2013-6054

2013-12-03 Thread Salvatore Bonaccorso
Package: openjpeg Severity: grave Tags: security upstream patch Hi This is to track the issues released with DSA-2808-1 for openjpeg in the BTS. See http://lists.debian.org/debian-security-announce/2013/msg00222.html http://www.debian.org/security/2013/dsa-2808 Regards, Salvatore

[Pkg-phototools-devel] Bug#743372: openjpeg: CVE-2014-0158: Heap-based buffer overflow in JPEG2000 image tile decoder

2014-04-02 Thread Salvatore Bonaccorso
Source: openjpeg Severity: grave Tags: security upstream Hi, the following vulnerability was published for openjpeg. CVE-2014-0158[0]: Heap-based buffer overflow in JPEG2000 image tile decoder More information is on the Red Hat bugzilla[1]. If you fix the vulnerability please also make sure t

[Pkg-phototools-devel] Bug#786792: darktable: CVE-2015-3885: input sanitization flaw leading to buffer overflow

2015-05-25 Thread Salvatore Bonaccorso
Source: darktable Version: 1.0.4-1 Severity: important Tags: security upstream Hi, the following vulnerability was published for darktable. CVE-2015-3885[0]: | Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier | allows remote attackers to cause a denial of service (crash) vi

[Pkg-phototools-devel] Bug#800149: openjpeg2: Use-after-free in opj_j2k_write_mco

2015-09-27 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.1.0-2 Severity: important Tags: security upstream patch fixed-upstream Forwarded: https://github.com/uclouvain/openjpeg/issues/563 Hi A use-after-free vulnerability was found in openjpeg2, see http://www.openwall.com/lists/oss-security/2015/09/15/4 for the correspondi

[Pkg-phototools-devel] Bug#801700: optipng: CVE-2015-7802: Buffer overflow in global memory

2015-10-13 Thread Salvatore Bonaccorso
Source: optipng Version: 0.7.5-1 Severity: important Tags: security upstream Hi, the following vulnerability was published for optipng. CVE-2015-7802[0]: Buffer overflow in global memory If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) i

[Pkg-phototools-devel] Bug#820068: optipng: CVE-2016-2191: Invalid write while processing delta escapes without any boundary checking

2016-04-05 Thread Salvatore Bonaccorso
Source: optipng Version: 0.6.4-1 Severity: important Tags: security upstream fixed-upstream Forwarded: https://sourceforge.net/p/optipng/bugs/59/ Hi, the following vulnerability was published for optipng and is fixed in 0.7.6 upstream. CVE-2016-2191[0]: Invalid write while processing delta escap

[Pkg-phototools-devel] Bug#820068: optipng: diff for NMU version 0.7.5-1.1

2016-04-07 Thread Salvatore Bonaccorso
+1,12 @@ +optipng (0.7.5-1.1) unstable; urgency=high + + * Non-maintainer upload. + * CVE-2016-2191: Invalid write while processing delta escapes without +any boundary checking (Patch from Moritz Muehlenhoff from the jessie- +security upload) (Closes: #820068) + + -- Salvatore Bonaccorso

[Pkg-phototools-devel] Bug#820068: optipng: diff for NMU version 0.7.5-1.1

2016-04-08 Thread Salvatore Bonaccorso
Hi The used patch took into account as well the fixes from upstream bugs 56 and 57, which correspond to CVE-2016-3981 and CVE-2016-3982. At the time of writing those two CVEs were not yet assigned. So once accepted into the archive, I will update as well the information for those CVEs. Regards,

[Pkg-phototools-devel] Bug#800149: openjpeg2: Use-after-free in opj_j2k_write_mco

2016-05-12 Thread Salvatore Bonaccorso
Control: retitle -1 openjpeg2: CVE-2015-8871: Use-after-free in opj_j2k_write_mco Hi, On Sun, Sep 27, 2015 at 01:54:25PM +0200, Salvatore Bonaccorso wrote: > Source: openjpeg2 > Version: 2.1.0-2 > Severity: important > Tags: security upstream patch fixed-upstream > Forwarded: htt

[Pkg-phototools-devel] Bug#831814: lepton: CVE-2016-6234 CVE-2016-6235 CVE-2016-6236 CVE-2016-6237 CVE-2016-6238

2016-07-19 Thread Salvatore Bonaccorso
Source: lepton Version: 1.0-2 Severity: grave Tags: security upstream Justification: user security hole Hi, Multiple issues were found in lepton. The CVE request was at http://www.openwall.com/lists/oss-security/2016/07/17/1 referencing https://github.com/dropbox/lepton/issues/26 (note to compile

[Pkg-phototools-devel] Bug#837604: openjpeg2: CVE-2016-7163: Integer overflow in opj_pi_create_decode

2016-09-12 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.1.0-2 Severity: grave Tags: security upstream patch Control: fixed -1 2.1.0-2+deb8u1 Hi, the following vulnerability was published for openjpeg2. CVE-2016-7163[0]: Integer overflow in opj_pi_create_decode If you fix the vulnerability please also make sure to include

[Pkg-phototools-devel] Bug#844552: openjpeg2: CVE-2016-9113

2016-11-16 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.1.2-1 Severity: important Tags: security upstream Forwarded: https://github.com/uclouvain/openjpeg/issues/856 Hi, the following vulnerability was published for openjpeg2. CVE-2016-9113[0]: | There is a NULL pointer dereference in function imagetobmp of | convertbmp.c

[Pkg-phototools-devel] Bug#844551: openjpeg2: CVE-2016-9112

2016-11-16 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.1.2-1 Severity: important Tags: security upstream Forwarded: https://github.com/uclouvain/openjpeg/issues/855 Hi, the following vulnerability was published for openjpeg2. CVE-2016-9112[0]: | Floating Point Exception (aka FPE or divide by zero) in | opj_pi_next_cprl f

[Pkg-phototools-devel] Bug#844554: openjpeg2: CVE-2016-9115

2016-11-16 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.1.2-1 Severity: important Tags: security upstream Forwarded: https://github.com/uclouvain/openjpeg/issues/858 Hi, the following vulnerability was published for openjpeg2. CVE-2016-9115[0]: | Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in | Open

[Pkg-phototools-devel] Bug#844555: openjpeg2: CVE-2016-9116

2016-11-16 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.1.2-1 Severity: important Tags: security upstream Forwarded: https://github.com/uclouvain/openjpeg/issues/859 Hi, the following vulnerability was published for openjpeg2. CVE-2016-9116[0]: | NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in | OpenJ

[Pkg-phototools-devel] Bug#844553: openjpeg2: CVE-2016-9114

2016-11-16 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.1.2-1 Severity: important Tags: security upstream Forwarded: https://github.com/uclouvain/openjpeg/issues/857 Hi, the following vulnerability was published for openjpeg2. CVE-2016-9114[0]: | There is a NULL Pointer Access in function imagetopnm of | convert.c:1943(jp

[Pkg-phototools-devel] Bug#844557: openjpeg2: CVE-2016-9118

2016-11-16 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.1.2-1 Severity: important Tags: security upstream Forwarded: https://github.com/uclouvain/openjpeg/issues/861 Hi, the following vulnerability was published for openjpeg2. CVE-2016-9118[0]: | Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of | convert.c

[Pkg-phototools-devel] Bug#844556: openjpeg2: CVE-2016-9117

2016-11-16 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.1.2-1 Severity: important Tags: security upstream Forwarded: https://github.com/uclouvain/openjpeg/issues/860 Hi, the following vulnerability was published for openjpeg2. CVE-2016-9117[0]: | NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in | OpenJ

[Pkg-phototools-devel] Bug#851422: openjpeg2: CVE-2016-9572 CVE-2016-9573

2017-01-14 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.1.0-2 Severity: grave Tags: security upstream patch Justification: user security hole Forwarded: https://github.com/uclouvain/openjpeg/issues/863 Control: fixed -1 2.1.0-2+deb8u2 Hi, the following vulnerabilities were published for openjpeg2. Filing it as RC severity

[Pkg-phototools-devel] Bug#851422: openjpeg2: diff for NMU version 2.1.2-1.1

2017-01-22 Thread Salvatore Bonaccorso
-2016-9572: NULL pointer dereference in input decoding +CVE-2016-9573: Heap out-of-bounds read due to insufficient check in +imagetopnm(). (Closes: #851422) + + -- Salvatore Bonaccorso Sun, 22 Jan 2017 14:18:13 +0100 + openjpeg2 (2.1.2-1) unstable; urgency=medium * New upstream. C

[Pkg-phototools-devel] Bug#859714: lepton: CVE-2017-7448

2017-04-06 Thread Salvatore Bonaccorso
Source: lepton Version: 1.2.1-2 Severity: important Tags: security upstream patch Forwarded: https://github.com/dropbox/lepton/issues/86 Hi, the following vulnerability was published for lepton. CVE-2017-7448[0]: | The allocate_channel_framebuffer function in uncompressed_components.hh | in Drop

[Pkg-phototools-devel] Bug#860367: feh: CVE-2017-7875

2017-04-15 Thread Salvatore Bonaccorso
Source: feh Version: 2.12-1 Severity: normal Tags: upstream security patch fixed-upstream Hi, the following vulnerability was published for feh. CVE-2017-7875[0]: | In wallpaper.c in feh before v2.18.3, if a malicious client pretends to | be the E17 window manager, it is possible to trigger an

[Pkg-phototools-devel] Bug#862446: lepton: CVE-2017-8891

2017-05-12 Thread Salvatore Bonaccorso
Source: lepton Version: 1.2.1-2 Severity: important Tags: upstream security Forwarded: https://github.com/dropbox/lepton/issues/87 Hi, the following vulnerability was published for lepton. CVE-2017-8891[0]: | Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a | malformed lepton f

[Pkg-phototools-devel] Bug#873022: libexif: CVE-2016-6328: Integer overflow in parsing MNOTE entry data of the input file

2017-08-23 Thread Salvatore Bonaccorso
Source: libexif Version: 0.6.21-2 Severity: important Tags: security patch upstream Hi, the following vulnerability was published for libexif. CVE-2016-6328[0]: |Integer overflow in parsing MNOTE entry data of the input file If you fix the vulnerability please also make sure to include the CVE

[Pkg-phototools-devel] Bug#874113: openjpeg2: CVE-2016-10504: Heap-based buffer over-write in opj_mqc_byteout function of mqc.c

2017-09-03 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.1.2-1.1 Severity: important Tags: security upstream patch Forwarded: https://github.com/uclouvain/openjpeg/issues/835 Hi, the following vulnerability was published for openjpeg2. CVE-2016-10504[0]: | Heap-based buffer overflow vulnerability in the opj_mqc_byteout | f

[Pkg-phototools-devel] Bug#874115: openjpeg2: CVE-2017-14041: Stack-based buffer over-write in pgxtoimage function in bin/jp2/convert.c

2017-09-03 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.1.0-2 Severity: grave Tags: upstream patch security Forwarded: https://github.com/uclouvain/openjpeg/issues/997 Hi, the following vulnerability was published for openjpeg2. CVE-2017-14041[0]: | A stack-based buffer overflow was discovered in the pgxtoimage function |

[Pkg-phototools-devel] Bug#874117: openjpeg2: CVE-2017-14040: invalid memory write in tgatoimage

2017-09-03 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.1.0-2 Severity: important Tags: patch security upstream Forwarded: https://github.com/uclouvain/openjpeg/issues/995 Hi, the following vulnerability was published for openjpeg2. CVE-2017-14040[0]: | An invalid write access was discovered in bin/jp2/convert.c in OpenJP

[Pkg-phototools-devel] Bug#874118: openjpeg2: CVE-2017-14039: Heap-based buffer overflow in opj_t2_encode_packet function in lib/openjp2/t2.c

2017-09-03 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.1.0-2 Severity: important Tags: patch upstream security Forwarded: https://github.com/uclouvain/openjpeg/issues/992 Hi, the following vulnerability was published for openjpeg2. CVE-2017-14039[0]: | A heap-based buffer overflow was discovered in the opj_t2_encode_pack

[Pkg-phototools-devel] Bug#874430: openjpeg2: CVE-2017-14151: heap-based buffer overflow in opj_mqc_flush

2017-09-05 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.1.2-1.3 Severity: grave Tags: security upstream patch Forwarded: https://github.com/uclouvain/openjpeg/issues/982 Hi, the following vulnerability was published for openjpeg2. CVE-2017-14151[0]: | An off-by-one error was discovered in | opj_tcd_code_block_enc_allocate

[Pkg-phototools-devel] Bug#874431: openjpeg2: CVE-2017-14152: heap-based buffer overflow in opj_write_bytes_LE

2017-09-05 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.1.2-1.3 Severity: grave Tags: upstream patch security Forwarded: https://github.com/uclouvain/openjpeg/issues/985 Hi, the following vulnerability was published for openjpeg2. CVE-2017-14152[0]: | A mishandled zero case was discovered in opj_j2k_set_cinema_parameters

[Pkg-phototools-devel] Bug#874431: openjpeg2: CVE-2017-14152: heap-based buffer overflow in opj_write_bytes_LE

2017-09-06 Thread Salvatore Bonaccorso
On Wed, Sep 06, 2017 at 06:58:36AM +0200, Salvatore Bonaccorso wrote: > Source: openjpeg2 > Version: 2.1.2-1.3 > Severity: grave > Tags: upstream patch security > Forwarded: https://github.com/uclouvain/openjpeg/issues/985 > > Hi, > > the following vulnerability

[Pkg-phototools-devel] Bug#876466: libexif: CVE-2017-7544: Out-of-bounds heap read in exif_data_save_data_entry function

2017-09-22 Thread Salvatore Bonaccorso
Source: libexif Version: 0.6.21-2 Severity: important Tags: security patch upstream Forwarded: https://sourceforge.net/p/libexif/bugs/130/ Hi, the following vulnerability was published for libexif. CVE-2017-7544[0]: | libexif through 0.6.21 is vulnerable to out-of-bounds heap read | vulnerabilit

[Pkg-phototools-devel] Bug#876535: openjpeg2: Incorporate lost changelogs (and possibly changes) for NMUs 2.1.2-1.1, 2.1.2-1.2 and 2.1.2-1.3

2017-09-23 Thread Salvatore Bonaccorso
d due to insufficient check in -imagetopnm(). (Closes: #851422) - - -- Salvatore Bonaccorso Sun, 22 Jan 2017 14:18:13 +0100 + -- Mathieu Malaterre Fri, 22 Sep 2017 21:51:36 +0200 openjpeg2 (2.1.2-1) unstable; urgency=medium cut-cut-cut-cut-cut---

[Pkg-phototools-devel] Bug#876535: openjpeg2: Incorporate lost changelogs (and possibly changes) for NMUs 2.1.2-1.1, 2.1.2-1.2 and 2.1.2-1.3

2017-09-25 Thread Salvatore Bonaccorso
Hi Mathieu, On Mon, Sep 25, 2017 at 10:12:31AM +0200, Mathieu Malaterre wrote: > Control: tags -1 pending > > Hi Salvatore, > > On Sat, Sep 23, 2017 at 1:59 PM, Salvatore Bonaccorso > wrote: > > Source: openjpeg2 > > Version: 2.2.0-1 > > Severity: normal &

[Pkg-phototools-devel] Bug#877352: openexr: CVE-2017-12596

2017-09-30 Thread Salvatore Bonaccorso
Source: openexr Version: 2.2.0-11.1 Severity: important Tags: upstream security Forwarded: https://github.com/openexr/openexr/issues/238 Hi, the following vulnerability was published for openexr, filing this bug to track the upstream issue at [1]. CVE-2017-12596[0]: | In OpenEXR 2.2.0, a crafte

[Pkg-phototools-devel] Bug#878551: openexr: CVE-2017-14988

2017-10-14 Thread Salvatore Bonaccorso
Source: openexr Version: 2.2.0-11 Severity: important Tags: security upstream Forwarded: https://github.com/openexr/openexr/issues/248 Hi, the following vulnerability was published for openexr. CVE-2017-14988[0]: | Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote | attacke

[Pkg-phototools-devel] Bug#874118: CVE-2017-14039: Heap-based buffer overflow in opj_t2_encode_packet function in lib/openjp2/t2.c

2017-10-16 Thread Salvatore Bonaccorso
Hello Mathieu, On Mon, Oct 16, 2017 at 06:12:30PM +0200, Mathieu Malaterre wrote: > Control: severity -1 important > > While I understand that this generic heap based buffer overflow ought > to be fixed in Debian stable, I fail to see why it is marked as > affecting stretch. [...] In my initial

[Pkg-phototools-devel] Bug#882032: optipng: CVE-2017-1000229: Integer Overflow Bug while parsing TIFF input file

2017-11-17 Thread Salvatore Bonaccorso
Source: optipng Version: 0.7.6-1 Severity: important Tags: security upstream Forwarded: https://sourceforge.net/p/optipng/bugs/65/ Hi, the following vulnerability was published for optipng. CVE-2017-1000229[0]: | Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 | allows an

[Pkg-phototools-devel] Bug#878839: optipng: diff for NMU version 0.7.6-1.1

2017-12-07 Thread Salvatore Bonaccorso
event integer overflow in minitiff_read_info() (CVE-2017-1000229) +(Closes: #882032) + * gifread: Detect indirect circular dependencies in LZW tables +(CVE-2017-16938) (Closes: #878839) + + -- Salvatore Bonaccorso Thu, 07 Dec 2017 20:43:29 +0100 + optipng (0.7.6-1) unstable; urgency=m

[Pkg-phototools-devel] Bug#878839: optipng: moved to delayed/0

2017-12-08 Thread Salvatore Bonaccorso
Hi Emmanuel I perfectly realize it's not conforming to the NMU rules, so if that made you unhappy I apologize for it. I moved the optipng upload from delayed/5 to delayed/0 since I was planning a security update, and the point release happening this weekend would imply stretch-version < sid-version.

[Pkg-phototools-devel] Bug#884738: openjpeg2: CVE-2017-17480: stack-based buffer overflow in pgxtovolume function in jp3d/convert.c

2017-12-18 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.1.0-1 Severity: grave Tags: security upstream Forwarded: https://github.com/uclouvain/openjpeg/issues/1044 Hi, the following vulnerability was published for openjpeg2. CVE-2017-17480[0]: | In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the | pgxto

[Pkg-phototools-devel] Bug#888533: openjpeg2: CVE-2018-5785: integer overflow in opj_j2k_setup_encoder function in openjp2/j2k.c

2018-01-27 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.3.0-1 Severity: important Tags: security upstream Forwarded: https://github.com/uclouvain/openjpeg/issues/1057 Hi, the following vulnerability was published for openjpeg2. CVE-2018-5785[0]: | In OpenJPEG 2.3.0, there is an integer overflow caused by an | out-of-bound

[Pkg-phototools-devel] Bug#888532: openjpeg2: CVE-2018-5727: Integer overflow in opj_t1_encode_cblks in src/lib/openjp2/t1.c

2018-01-27 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.3.0-1 Severity: important Tags: security upstream Forwarded: https://github.com/uclouvain/openjpeg/issues/1053 Hi, the following vulnerability was published for openjpeg2. CVE-2018-5727[0]: | In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the | opj_

[Pkg-phototools-devel] Bug#889683: openjpeg2: CVE-2018-6616: Excessive Iteration in opj_t1_encode_cblks

2018-02-05 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.3.0-1 Severity: important Tags: security upstream Forwarded: https://github.com/uclouvain/openjpeg/issues/1059 Hi, the following vulnerability was published for openjpeg2. CVE-2018-6616[0]: | In OpenJPEG 2.3.0, there is excessive iteration in the | opj_t1_encode_cblk