This bug was fixed in the package openjpeg2 - 2.1.1-1ubuntu0.1

---------------
openjpeg2 (2.1.1-1ubuntu0.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: Out-of-bound heap write possible resulting
    in heap corruption and arbitrary code execution (lp: #1630702)
    - debian/patches/CVE-2016-8332.patch: fix incrementing of
      "l_tcp->m_nb_mcc_records" in opj_j2k_read_mcc
      in src/lib/openjp2/j2k.c.
    - CVE-2016-8332
  * SECURITY UPDATE: Integer overflow possible resulting in
    arbitrary code execution via a crafted JP2 file,
    triggering out-of-bound read or write (lp: #1630702)
    - debian/patches/CVE-2016-7163.patch: fix an integer
      overflow issue in function opj_pi_create_decode of
      pi.c in src/lib/openjp2/pi.c.
    - CVE-2016-7163

 -- Nikita Yerenkov-Scott <cooks.go.hun...@gmail.com>  Sat, 08 Oct 2016
16:10:43 +0100

** Changed in: openjpeg2 (Ubuntu Yakkety)
       Status: Confirmed => Fix Released

** Changed in: openjpeg2 (Ubuntu Xenial)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1630702

Title:
  Fix for CVE-2016-8332 and CVE-2016-7163

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openjpeg2/+bug/1630702/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to