Your message dated Tue, 18 Mar 2014 15:46:57 +0100
with message-id
<CA+7wUsx=gpzovw7cmst-xzppk0mgng3v+ddmtbj54gu9wnz...@mail.gmail.com>
and subject line
has caused the Debian Bug report #722540,
regarding openjpeg: CVE-2013-4289 CVE-2013-4290
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
722540: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722540
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: openjpeg
Severity: grave
Tags: security
Justification: user security hole
Please see http://seclists.org/oss-sec/2013/q3/593
Patches are not yet available.
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Control: tag -1 wontfix
Control: notfound -1 1.5.1-2
Actually the JP3D code is not part of the binary package. So this CVE
only affect source code that is not compiled on debian packages.
I have forwarded this upstream, and will work on having it fix.
Meanwhile I am closing this since it does not impact debian package at
all.
--- End Message ---
