--- Begin Message ---
Subject: OpenJPEG security issues
Date: Sun, 30 Dec 2018 12:41:50 -0500
User-agent: Mutt/1.11.0 (2018-11-25)

There are several open security bugs in our package of OpenJPEG 2.3.0:

http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=openjpeg

`guix refresh -l openjpeg` reports that several thousand packages would
need to be rebuilt if we changed OpenJPEG, so we will need to fix these
bugs by cherry-picking the upstream bugfix patches in a grafted
replacement package.

If anyone is interested in doing the work and needs advice, please ask
for help :)

These are the CVE identifiers:

CVE-2017-17479
CVE-2018-5727
CVE-2018-5785
CVE-2018-6616
CVE-2018-7648
CVE-2018-14423
CVE-2018-16375
CVE-2018-16376
CVE-2018-17480
CVE-2018-18088
--- End Message ---
--- Begin Message ---
Subject: Re: bug#33924: OpenJPEG security issues
Date: Wed, 24 Apr 2019 18:41:39 +0200
User-agent: Notmuch/0.28.3 (https://notmuchmail.org) Emacs/26.2 (x86_64-pc-linux-gnu)

Leo Famulari <address@hidden> writes:
> There are several open security bugs in our package of OpenJPEG 2.3.0:
>
> http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=openjpeg
>
> `guix refresh -l openjpeg` reports that several thousand packages would
> need to be rebuilt if we changed OpenJPEG, so we will need to fix these
> bugs by cherry-picking the upstream bugfix patches in a grafted
> replacement package.
>
> If anyone is interested in doing the work and needs advice, please ask
> for help :)
>
> These are the CVE identifiers:
>
> CVE-2017-17479
> CVE-2018-5727
> CVE-2018-5785
> CVE-2018-6616
> CVE-2018-7648
> CVE-2018-14423
> CVE-2018-16375
> CVE-2018-16376
> CVE-2018-17480
> CVE-2018-18088

I believe commit 0e2b0b05accdea7c3f016f8483d0ec04021114d3 fixed these.
--- End Message ---