[Pkg-phototools-devel] Bug#731237: openjpeg: CVE-2013-1447 CVE-2013-6045 CVE-2013-6052 CVE-2013-6054

2013-12-03 Thread Salvatore Bonaccorso
Package: openjpeg Severity: grave Tags: security upstream patch Hi This is to track the issues released with DSA-2808-1 for openjpeg in the BTS. See http://lists.debian.org/debian-security-announce/2013/msg00222.html http://www.debian.org/security/2013/dsa-2808 Regards, Salvatore

[Pkg-phototools-devel] Bug#743372: openjpeg: CVE-2014-0158: Heap-based buffer overflow in JPEG2000 image tile decoder

2014-04-02 Thread Salvatore Bonaccorso
Source: openjpeg Severity: grave Tags: security upstream Hi, the following vulnerability was published for openjpeg. CVE-2014-0158[0]: Heap-based buffer overflow in JPEG2000 image tile decoder More information is on the Red Hat bugzilla[1]. If you fix the vulnerability please also make sure

[Pkg-phototools-devel] Bug#786792: darktable: CVE-2015-3885: input sanitization flaw leading to buffer overflow

2015-05-25 Thread Salvatore Bonaccorso
Source: darktable Version: 1.0.4-1 Severity: important Tags: security upstream Hi, the following vulnerability was published for darktable. CVE-2015-3885[0]: | Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier | allows remote attackers to cause a denial of service (crash)

[Pkg-phototools-devel] Bug#801700: optipng: CVE-2015-7802: Buffer overflow in global memory

2015-10-13 Thread Salvatore Bonaccorso
Source: optipng Version: 0.7.5-1 Severity: important Tags: security upstream Hi, the following vulnerability was published for optipng. CVE-2015-7802[0]: Buffer overflow in global memory If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures)

[Pkg-phototools-devel] Bug#820068: optipng: diff for NMU version 0.7.5-1.1

2016-04-08 Thread Salvatore Bonaccorso
Hi The used patch took into account as well the fixes from upstream bugs 56 and 57, which correspond to CVE-2016-3981 and CVE-2016-3982. At the time of writing those two CVEs were not yet assigned. So once accepted into the archive, I will update as well the information for those CVEs. Regards,

[Pkg-phototools-devel] Bug#820068: optipng: diff for NMU version 0.7.5-1.1

2016-04-07 Thread Salvatore Bonaccorso
@@ +optipng (0.7.5-1.1) unstable; urgency=high + + * Non-maintainer upload. + * CVE-2016-2191: Invalid write while processing delta escapes without +any boundary checking (Patch from Moritz Muehlenhoff from the jessie- +security upload) (Closes: #820068) + + -- Salvatore Bonaccorso <
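Review bot: the 0.7.5-1.1 changelog entry names only CVE-2016-2191, yet the follow-up message in this thread says the same patch also carries the fixes for upstream bugs 56 and 57. Adding a changelog line that references those two upstream bugs would let anyone tracking the later CVE assignments match them to this upload from the changelog alone.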

[Pkg-phototools-devel] Bug#820068: optipng: CVE-2016-2191: Invalid write while processing delta escapes without any boundary checking

2016-04-05 Thread Salvatore Bonaccorso
Source: optipng Version: 0.6.4-1 Severity: important Tags: security upstream fixed-upstream Forwarded: https://sourceforge.net/p/optipng/bugs/59/ Hi, the following vulnerability was published for optipng and is fixed in 0.7.6 upstream. CVE-2016-2191[0]: Invalid write while processing delta

[Pkg-phototools-devel] Bug#800149: openjpeg2: Use-after-free in opj_j2k_write_mco

2016-05-12 Thread Salvatore Bonaccorso
Control: retitle -1 openjpeg2: CVE-2015-8871: Use-after-free in opj_j2k_write_mco Hi, On Sun, Sep 27, 2015 at 01:54:25PM +0200, Salvatore Bonaccorso wrote: > Source: openjpeg2 > Version: 2.1.0-2 > Severity: important > Tags: security upstream patch fixed-upstream > Forwarded: htt

[Pkg-phototools-devel] Bug#831814: lepton: CVE-2016-6234 CVE-2016-6235 CVE-2016-6236 CVE-2016-6237 CVE-2016-6238

2016-07-19 Thread Salvatore Bonaccorso
Source: lepton Version: 1.0-2 Severity: grave Tags: security upstream Justification: user security hole Hi, Multiple issues were found in lepton. The CVE request was at http://www.openwall.com/lists/oss-security/2016/07/17/1 referencing https://github.com/dropbox/lepton/issues/26 (note to

[Pkg-phototools-devel] Bug#851422: openjpeg2: diff for NMU version 2.1.2-1.1

2017-01-22 Thread Salvatore Bonaccorso
-9572: NULL pointer dereference in input decoding +CVE-2016-9573: Heap out-of-bounds read due to insufficient check in +imagetopnm(). (Closes: #851422) + + -- Salvatore Bonaccorso <car...@debian.org> Sun, 22 Jan 2017 14:18:13 +0100 + openjpeg2 (2.1.2-1) unstable; urgency=medium

[Pkg-phototools-devel] Bug#837604: openjpeg2: CVE-2016-7163: Integer overflow in opj_pi_create_decode

2016-09-12 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.1.0-2 Severity: grave Tags: security upstream patch Control: fixed -1 2.1.0-2+deb8u1 Hi, the following vulnerability was published for openjpeg2. CVE-2016-7163[0]: Integer overflow in opj_pi_create_decode If you fix the vulnerability please also make sure to

[Pkg-phototools-devel] Bug#844554: openjpeg2: CVE-2016-9115

2016-11-16 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.1.2-1 Severity: important Tags: security upstream Forwarded: https://github.com/uclouvain/openjpeg/issues/858 Hi, the following vulnerability was published for openjpeg2. CVE-2016-9115[0]: | Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in |

[Pkg-phototools-devel] Bug#844555: openjpeg2: CVE-2016-9116

2016-11-16 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.1.2-1 Severity: important Tags: security upstream Forwarded: https://github.com/uclouvain/openjpeg/issues/859 Hi, the following vulnerability was published for openjpeg2. CVE-2016-9116[0]: | NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in |

[Pkg-phototools-devel] Bug#844553: openjpeg2: CVE-2016-9114

2016-11-16 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.1.2-1 Severity: important Tags: security upstream Forwarded: https://github.com/uclouvain/openjpeg/issues/857 Hi, the following vulnerability was published for openjpeg2. CVE-2016-9114[0]: | There is a NULL Pointer Access in function imagetopnm of |

[Pkg-phototools-devel] Bug#844552: openjpeg2: CVE-2016-9113

2016-11-16 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.1.2-1 Severity: important Tags: security upstream Forwarded: https://github.com/uclouvain/openjpeg/issues/856 Hi, the following vulnerability was published for openjpeg2. CVE-2016-9113[0]: | There is a NULL pointer dereference in function imagetobmp of |

[Pkg-phototools-devel] Bug#844551: openjpeg2: CVE-2016-9112

2016-11-16 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.1.2-1 Severity: important Tags: security upstream Forwarded: https://github.com/uclouvain/openjpeg/issues/855 Hi, the following vulnerability was published for openjpeg2. CVE-2016-9112[0]: | Floating Point Exception (aka FPE or divide by zero) in | opj_pi_next_cprl

[Pkg-phototools-devel] Bug#844557: openjpeg2: CVE-2016-9118

2016-11-16 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.1.2-1 Severity: important Tags: security upstream Forwarded: https://github.com/uclouvain/openjpeg/issues/861 Hi, the following vulnerability was published for openjpeg2. CVE-2016-9118[0]: | Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of |

[Pkg-phototools-devel] Bug#844556: openjpeg2: CVE-2016-9117

2016-11-16 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.1.2-1 Severity: important Tags: security upstream Forwarded: https://github.com/uclouvain/openjpeg/issues/860 Hi, the following vulnerability was published for openjpeg2. CVE-2016-9117[0]: | NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in |

[Pkg-phototools-devel] Bug#859714: lepton: CVE-2017-7448

2017-04-06 Thread Salvatore Bonaccorso
Source: lepton Version: 1.2.1-2 Severity: important Tags: security upstream patch Forwarded: https://github.com/dropbox/lepton/issues/86 Hi, the following vulnerability was published for lepton. CVE-2017-7448[0]: | The allocate_channel_framebuffer function in uncompressed_components.hh | in

[Pkg-phototools-devel] Bug#860367: feh: CVE-2017-7875

2017-04-15 Thread Salvatore Bonaccorso
Source: feh Version: 2.12-1 Severity: normal Tags: upstream security patch fixed-upstream Hi, the following vulnerability was published for feh. CVE-2017-7875[0]: | In wallpaper.c in feh before v2.18.3, if a malicious client pretends to | be the E17 window manager, it is possible to trigger an

[Pkg-phototools-devel] Bug#862446: lepton: CVE-2017-8891

2017-05-12 Thread Salvatore Bonaccorso
Source: lepton Version: 1.2.1-2 Severity: important Tags: upstream security Forwarded: https://github.com/dropbox/lepton/issues/87 Hi, the following vulnerability was published for lepton. CVE-2017-8891[0]: | Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a | malformed lepton

[Pkg-phototools-devel] Bug#876535: openjpeg2: Incorporate lost changelogs (and possibly changes) for NMUs 2.1.2-1.1, 2.1.2-1.2 and 2.1.2-1.3

2017-09-23 Thread Salvatore Bonaccorso
CVE-2016-9573: Heap out-of-bounds read due to insufficient check in -imagetopnm(). (Closes: #851422) - - -- Salvatore Bonaccorso <car...@debian.org> Sun, 22 Jan 2017 14:18:13 +0100 + -- Mathieu Malaterre <ma...@debian.org> Fri, 22 Sep 2017 21:51:36 +0200 openjpeg2 (2.1.2-1)

[Pkg-phototools-devel] Bug#878551: openexr: CVE-2017-14988

2017-10-14 Thread Salvatore Bonaccorso
Source: openexr Version: 2.2.0-11 Severity: important Tags: security upstream Forwarded: https://github.com/openexr/openexr/issues/248 Hi, the following vulnerability was published for openexr. CVE-2017-14988[0]: | Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote |

[Pkg-phototools-devel] Bug#874430: openjpeg2: CVE-2017-14151: heap-based buffer overflow in opj_mqc_flush

2017-09-05 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.1.2-1.3 Severity: grave Tags: security upstream patch Forwarded: https://github.com/uclouvain/openjpeg/issues/982 Hi, the following vulnerability was published for openjpeg2. CVE-2017-14151[0]: | An off-by-one error was discovered in |

[Pkg-phototools-devel] Bug#874431: openjpeg2: CVE-2017-14152: heap-based buffer overflow in opj_write_bytes_LE

2017-09-05 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.1.2-1.3 Severity: grave Tags: upstream patch security Forwarded: https://github.com/uclouvain/openjpeg/issues/985 Hi, the following vulnerability was published for openjpeg2. CVE-2017-14152[0]: | A mishandled zero case was discovered in opj_j2k_set_cinema_parameters

[Pkg-phototools-devel] Bug#877352: openexr: CVE-2017-12596

2017-09-30 Thread Salvatore Bonaccorso
Source: openexr Version: 2.2.0-11.1 Severity: important Tags: upstream security Forwarded: https://github.com/openexr/openexr/issues/238 Hi, the following vulnerability was published for openexr, filing this bug to track the upstream issue at [1]. CVE-2017-12596[0]: | In OpenEXR 2.2.0, a

[Pkg-phototools-devel] Bug#876535: openjpeg2: Incorporate lost changelogs (and possibly changes) for NMUs 2.1.2-1.1, 2.1.2-1.2 and 2.1.2-1.3

2017-09-25 Thread Salvatore Bonaccorso
Hi Mathieu, On Mon, Sep 25, 2017 at 10:12:31AM +0200, Mathieu Malaterre wrote: > Control: tags -1 pending > > Hi Salvatore, > > On Sat, Sep 23, 2017 at 1:59 PM, Salvatore Bonaccorso <car...@debian.org> > wrote: > > Source: openjpeg2 > > Version: 2.2.0-1 >

[Pkg-phototools-devel] Bug#874118: openjpeg2: CVE-2017-14039: Heap-based buffer overflow in opj_t2_encode_packet function in lib/openjp2/t2.c

2017-09-03 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.1.0-2 Severity: important Tags: patch upstream security Forwarded: https://github.com/uclouvain/openjpeg/issues/992 Hi, the following vulnerability was published for openjpeg2. CVE-2017-14039[0]: | A heap-based buffer overflow was discovered in the

[Pkg-phototools-devel] Bug#874115: openjpeg2: CVE-2017-14041: Stack-based buffer over-write in pgxtoimage function in bin/jp2/convert.c

2017-09-03 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.1.0-2 Severity: grave Tags: upstream patch security Forwarded: https://github.com/uclouvain/openjpeg/issues/997 Hi, the following vulnerability was published for openjpeg2. CVE-2017-14041[0]: | A stack-based buffer overflow was discovered in the pgxtoimage function

[Pkg-phototools-devel] Bug#884738: openjpeg2: CVE-2017-17480: stack-based buffer overflow in pgxtovolume function in jp3d/convert.c

2017-12-18 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.1.0-1 Severity: grave Tags: security upstream Forwarded: https://github.com/uclouvain/openjpeg/issues/1044 Hi, the following vulnerability was published for openjpeg2. CVE-2017-17480[0]: | In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the |

[Pkg-phototools-devel] Bug#882032: optipng: CVE-2017-1000229: Integer Overflow Bug while parsing TIFF input file

2017-11-17 Thread Salvatore Bonaccorso
Source: optipng Version: 0.7.6-1 Severity: important Tags: security upstream Forwarded: https://sourceforge.net/p/optipng/bugs/65/ Hi, the following vulnerability was published for optipng. CVE-2017-1000229[0]: | Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 | allows an

[Pkg-phototools-devel] Bug#878839: optipng: moved to delayed/0

2017-12-08 Thread Salvatore Bonaccorso
Hi Emmanuel I perfectly realize it's not conforming to the NMU rules, so if that made you unhappy I apologize for it. I moved the optipng upload from delayed/5 to delayed/0 since I was planning a security update, and the point release happening this weekend would imply stretch-version < sid-version.

[Pkg-phototools-devel] Bug#878839: optipng: diff for NMU version 0.7.6-1.1

2017-12-07 Thread Salvatore Bonaccorso
integer overflow in minitiff_read_info() (CVE-2017-1000229) +(Closes: #882032) + * gifread: Detect indirect circular dependencies in LZW tables +(CVE-2017-16938) (Closes: #878839) + + -- Salvatore Bonaccorso <car...@debian.org> Thu, 07 Dec 2017 20:43:29 +0100 + optipng (0.7.6-1) un

[Pkg-phototools-devel] Bug#888533: openjpeg2: CVE-2018-5785: integer overflow in opj_j2k_setup_encoder function in openjp2/j2k.c

2018-01-27 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.3.0-1 Severity: important Tags: security upstream Forwarded: https://github.com/uclouvain/openjpeg/issues/1057 Hi, the following vulnerability was published for openjpeg2. CVE-2018-5785[0]: | In OpenJPEG 2.3.0, there is an integer overflow caused by an |

[Pkg-phototools-devel] Bug#888532: openjpeg2: CVE-2018-5727: Integer overflow in opj_t1_encode_cblks in src/lib/openjp2/t1.c

2018-01-27 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.3.0-1 Severity: important Tags: security upstream Forwarded: https://github.com/uclouvain/openjpeg/issues/1053 Hi, the following vulnerability was published for openjpeg2. CVE-2018-5727[0]: | In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the |

[Pkg-phototools-devel] Bug#889683: openjpeg2: CVE-2018-6616: Excessive Iteration in opj_t1_encode_cblks

2018-02-05 Thread Salvatore Bonaccorso
Source: openjpeg2 Version: 2.3.0-1 Severity: important Tags: security upstream Forwarded: https://github.com/uclouvain/openjpeg/issues/1059 Hi, the following vulnerability was published for openjpeg2. CVE-2018-6616[0]: | In OpenJPEG 2.3.0, there is excessive iteration in the |