Your message dated Sun, 27 Apr 2014 16:02:39 +0000
with message-id <e1werxl-00052m...@franck.debian.org>
and subject line Bug#734238: fixed in openjpeg 1.3+dfsg-4.8
has caused the Debian Bug report #734238,
regarding Fix for CVE-2013-6045 breaks decoding of chroma-subsampled images
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
734238: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734238
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libopenjpeg2
Version: 1.3+dfsg-4.7+b1
The patch for CVE-2013-6045 disables decoding of images whose first
color component has a higher resolution than subsequent components.
This is a legitimate image encoding; consider, for example, YCbCr images
with chroma subsampling. This change is preventing OpenSlide from
decoding certain Aperio slide files (example slide at [1]).
For example, consider p0_06.j2k from the OpenJPEG test suite [2]. With
1.3+dfsg-4.6:
$ j2k_to_image -i p0_06.j2k -o out.ppm
[INFO] tile 1 of 1
[INFO] - tiers-1 took 0.020000 s
[INFO] - dwt took 0.000000 s
[INFO] - tile decoded in 0.020000 s
PNM CONVERSION: Truncating component 0 from 12 bits to 8 bits
PNM CONVERSION: Truncating component 1 from 12 bits to 8 bits
PNM CONVERSION: Truncating component 2 from 12 bits to 8 bits
PNM CONVERSION: Truncating component 3 from 12 bits to 8 bits
Generated Outfile out.ppm
With 1.3+dfsg-4.7+b1, the same command produces:
[INFO] tile 1 of 1
[ERROR] Error decoding tile. Component 1 contains only 33153 blocks
while component 0 has 66177 blocks
ERROR -> j2k_to_image: failed to decode image!
[1]:
http://openslide.cs.cmu.edu/download/openslide-testdata/Aperio/JP2K-33003-1.svs
[2]: http://openjpeg.googlecode.com/svn/data/input/conformance/p0_06.j2k
--- End Message ---
--- Begin Message ---
Source: openjpeg
Source-Version: 1.3+dfsg-4.8
We believe that the bug you reported is fixed in the latest version of
openjpeg, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 734...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Raphael Geissert <geiss...@debian.org> (supplier of updated openjpeg package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 22 Apr 2014 23:14:30 +0200
Source: openjpeg
Binary: libopenjpeg-dev libopenjpeg2 libopenjpeg2-dbg openjpeg-tools
Architecture: source i386
Version: 1.3+dfsg-4.8
Distribution: wheezy-security
Urgency: high
Maintainer: Debian PhotoTools Maintainers
<pkg-phototools-de...@lists.alioth.debian.org>
Changed-By: Raphael Geissert <geiss...@debian.org>
Description:
libopenjpeg-dev - development files for libopenjpeg2, a JPEG 2000 image library
libopenjpeg2 - JPEG 2000 image compression/decompression library
libopenjpeg2-dbg - debug symbols for libopenjpeg2, a JPEG 2000 image library
openjpeg-tools - command-line tools using the JPEG 2000 library
Closes: 734238
Changes:
openjpeg (1.3+dfsg-4.8) wheezy-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix a regression in the decoding of chroma-subsampled images,
introduced by one of the patches for CVE-2013-6045 (Closes: #734238).
Checksums-Sha1:
12ab288b089ec32ff620f6454ea31b757e28cff3 1518 openjpeg_1.3+dfsg-4.8.dsc
6575adf678faa2ef5963836857a7e2e7bf87744d 17969 openjpeg_1.3+dfsg-4.8.diff.gz
d38a8bfcaa98b86780e7975238ba05ba2867bc29 97872
libopenjpeg-dev_1.3+dfsg-4.8_i386.deb
8b874388183fc3ae71b7a35f95d89d0f49eb75b2 84142
libopenjpeg2_1.3+dfsg-4.8_i386.deb
0a37a2ec206a8b5e90e1d444229f3eada13f6c14 158782
libopenjpeg2-dbg_1.3+dfsg-4.8_i386.deb
0bdbd764a76c05529cda11a0bc7ee4af88d3a7db 208870
openjpeg-tools_1.3+dfsg-4.8_i386.deb
Checksums-Sha256:
76280e810c4ebc5c0e7ddb66c7e93c57e7d246d0b105b426982cf9090395d905 1518
openjpeg_1.3+dfsg-4.8.dsc
e2276c659ab1eaac966254d3e0a653f4b1a3160dea582a3a0643574f63ef03cb 17969
openjpeg_1.3+dfsg-4.8.diff.gz
97a2c516291b36b55d9205e124a207dd6ce200300c4a3d0f242a2c7acd7fb912 97872
libopenjpeg-dev_1.3+dfsg-4.8_i386.deb
446fd9db5b4789c3a0ed3bca6989233c9e73ddda417758e833145f05515531dd 84142
libopenjpeg2_1.3+dfsg-4.8_i386.deb
b4c7c429f5e357f2d2aaaf11297a58429825289e1b9ad5743fb795055aa209ea 158782
libopenjpeg2-dbg_1.3+dfsg-4.8_i386.deb
c71c9caf279e1690991b5b62c29af041a7163c84e18ce7fe295d6bc65ba419a3 208870
openjpeg-tools_1.3+dfsg-4.8_i386.deb
Files:
5be0dcd96e7583f4c8d87813fe30100f 1518 libs extra openjpeg_1.3+dfsg-4.8.dsc
7e1bb9932cf377a786f9bdd329ef7fc4 17969 libs extra openjpeg_1.3+dfsg-4.8.diff.gz
1201055c2fb81eb5f25a6b5ecf90d1cf 97872 libdevel extra
libopenjpeg-dev_1.3+dfsg-4.8_i386.deb
425c83044a940b636da54580cf84d7ee 84142 libs extra
libopenjpeg2_1.3+dfsg-4.8_i386.deb
399bca9d4d59b142ecbda34b6bb83492 158782 libdevel extra
libopenjpeg2-dbg_1.3+dfsg-4.8_i386.deb
a3651a3b30d3204465872a63a9bcd697 208870 graphics extra
openjpeg-tools_1.3+dfsg-4.8_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlNW380ACgkQYy49rUbZzlpIKQCeNRiiJOUCrvHbbRr/6g+kAuI8
PiYAn1/Kxxmduc5xID9HoRnnfV5lhgMQ
=VGkl
-----END PGP SIGNATURE-----
--- End Message ---
