openjpeg2 (2.1.1-1ubuntu0.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: Out-of-bound heap write possible resulting
    in heap corruption and arbitrary code execution (lp: #1630702)
    - debian/patches/CVE-2016-8332.patch: fix incrementing of
      "l_tcp->m_nb_mcc_records" in opj_j2k_read_mcc 
      in src/lib/openjp2/j2k.c.
    - CVE-2016-8332
  * SECURITY UPDATE: Integer overflow possible resulting in 
    arbitrary code execution via a crafted JP2 file, 
    triggering out-of-bound read or write (lp: #1630702)
    - debian/patches/CVE-2016-7163.patch: fix an integer 
      overflow issue in function opj_pi_create_decode of 
      pi.c in src/lib/openjp2/pi.c.
    - CVE-2016-7163

Date: 2016-10-14 12:08:14.126607+00:00
Changed-By: Nikita Yerenkov-Scott <cooks.go.hun...@gmail.com>
Signed-By: Ubuntu Archive Robot 
<cjwatson+ubuntu-archive-ro...@chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/openjpeg2/2.1.1-1ubuntu0.1
Sorry, changesfile not available.
-- 
Yakkety-changes mailing list
Yakkety-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/yakkety-changes

Reply via email to