bug#33924: OpenJPEG security issues

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#33924: OpenJPEG security issues

From:	Leo Famulari
Subject:	bug#33924: OpenJPEG security issues
Date:	Sun, 30 Dec 2018 12:41:50 -0500
User-agent:	Mutt/1.11.0 (2018-11-25)

There are several open security bugs in our package of OpenJPEG 2.3.0:

http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=openjpeg

`guix refresh -l openjpeg` reports that several thousand packages would
need to be rebuilt if we changed OpenJPEG, so we will need to fix these
bugs by cherry-picking the upstream bugfix patches in a grafted
replacement package.

If anyone is interested in doing the work and needs advice, please ask
for help :)

These are the CVE identifiers:

CVE-2017-17479
CVE-2018-5727
CVE-2018-5785
CVE-2018-6616
CVE-2018-7648
CVE-2018-14423
CVE-2018-16375
CVE-2018-16376
CVE-2018-17480
CVE-2018-18088

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

bug#33924: OpenJPEG security issues, Leo Famulari <=

Prev by Date: bug#25256: A lot of tests failed when building guix 0.12.0 from source
Next by Date: bug#33925: Qt 5.11.3 bug-fix update
Previous by thread: bug#25256: A lot of tests failed when building guix 0.12.0 from source
Next by thread: bug#33925: Qt 5.11.3 bug-fix update
Index(es):
- Date
- Thread