[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#33924: OpenJPEG security issues
From: |
Marius Bakke |
Subject: |
bug#33924: OpenJPEG security issues |
Date: |
Wed, 24 Apr 2019 18:41:39 +0200 |
User-agent: |
Notmuch/0.28.3 (https://notmuchmail.org) Emacs/26.2 (x86_64-pc-linux-gnu) |
Leo Famulari <address@hidden> writes:
> There are several open security bugs in our package of OpenJPEG 2.3.0:
>
> http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=openjpeg
>
> `guix refresh -l openjpeg` reports that several thousand packages would
> need to be rebuilt if we changed OpenJPEG, so we will need to fix these
> bugs by cherry-picking the upstream bugfix patches in a grafted
> replacement package.
>
> If anyone is interested in doing the work and needs advice, please ask
> for help :)
>
> These are the CVE identifiers:
>
> CVE-2017-17479
> CVE-2018-5727
> CVE-2018-5785
> CVE-2018-6616
> CVE-2018-7648
> CVE-2018-14423
> CVE-2018-16375
> CVE-2018-16376
> CVE-2018-17480
> CVE-2018-18088
I believe commit 0e2b0b05accdea7c3f016f8483d0ec04021114d3 fixed these.
signature.asc
Description: PGP signature
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- bug#33924: OpenJPEG security issues,
Marius Bakke <=