Our openjpeg and openjpeg2 packages have far more than this one flaw unaccounted for:
http://people.canonical.com/~ubuntu-security/cve/pkg/openjpeg.html
http://people.canonical.com/~ubuntu-security/cve/pkg/openjpeg2.html

(I suspect that most issues that apply to one also apply to the other; there is probably more overlap between the two packages.)

Fixing just one open issue is probably not worth the time; fixing most of them would be. Finding fixes for all of them may not be feasible.

Since we rely upon our community users to test updates, we really do need whoever supplies patches to have built and tested them all first. If you're in for only one release, that's still useful, and perhaps someone else would be willing to tackle the others later.

Probably the 2.x.x patch can be made to apply to the 1.5.2 version we have packaged; the codebases looked very similar to me last time I reviewed both.

Thanks

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1630702

Title: CVE-2016-8332 allows an out-of-bound heap write to occur resulting in heap corruption and arbitrary code execution
