[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#33924: OpenJPEG security issues

From: Marius Bakke
Subject: bug#33924: OpenJPEG security issues
Date: Wed, 24 Apr 2019 18:41:39 +0200
User-agent: Notmuch/0.28.3 (https://notmuchmail.org) Emacs/26.2 (x86_64-pc-linux-gnu)

Leo Famulari <address@hidden> writes:

> There are several open security bugs in our package of OpenJPEG 2.3.0:
> http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=openjpeg
> `guix refresh -l openjpeg` reports that several thousand packages would
> need to be rebuilt if we changed OpenJPEG, so we will need to fix these
> bugs by cherry-picking the upstream bugfix patches in a grafted
> replacement package.
> If anyone is interested in doing the work and needs advice, please ask
> for help :)
> These are the CVE identifiers:
> CVE-2017-17479
> CVE-2018-5727
> CVE-2018-5785
> CVE-2018-6616
> CVE-2018-7648
> CVE-2018-14423
> CVE-2018-16375
> CVE-2018-16376
> CVE-2018-17480
> CVE-2018-18088

I believe commit 0e2b0b05accdea7c3f016f8483d0ec04021114d3 fixed these.

Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]