Your message dated Wed, 07 May 2014 22:53:52 +0000
with message-id <e1wiaim-0002oe...@franck.debian.org>
and subject line Bug#734238: fixed in openjpeg 1.3+dfsg-4+squeeze3
has caused the Debian Bug report #734238,
regarding Fix for CVE-2013-6045 breaks decoding of chroma-subsampled images
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
734238: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734238
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libopenjpeg2
Version: 1.3+dfsg-4.7+b1
The patch for CVE-2013-6045 disables decoding of images whose first
color component has a higher resolution than subsequent components.
This is a legitimate image encoding; consider, for example, YCbCr images
with chroma subsampling. This change is preventing OpenSlide from
decoding certain Aperio slide files (example slide at [1]).
For example, consider p0_06.j2k from the OpenJPEG test suite [2]. With
1.3+dfsg-4.6:
$ j2k_to_image -i p0_06.j2k -o out.ppm
[INFO] tile 1 of 1
[INFO] - tiers-1 took 0.020000 s
[INFO] - dwt took 0.000000 s
[INFO] - tile decoded in 0.020000 s
PNM CONVERSION: Truncating component 0 from 12 bits to 8 bits
PNM CONVERSION: Truncating component 1 from 12 bits to 8 bits
PNM CONVERSION: Truncating component 2 from 12 bits to 8 bits
PNM CONVERSION: Truncating component 3 from 12 bits to 8 bits
Generated Outfile out.ppm
With 1.3+dfsg-4.7+b1, the same command produces:
[INFO] tile 1 of 1
[ERROR] Error decoding tile. Component 1 contains only 33153 blocks while component 0 has 66177 blocks
ERROR -> j2k_to_image: failed to decode image!
[1]: http://openslide.cs.cmu.edu/download/openslide-testdata/Aperio/JP2K-33003-1.svs
[2]: http://openjpeg.googlecode.com/svn/data/input/conformance/p0_06.j2k
--- End Message ---
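The regression reported above, as an added example that is not OpenJPEG's code or the Debian patch: a size check that measures every component against component 0 rejects a subsampled image, while a check that derives each component's expected size from its own subsampling factors accepts it and still catches a mismatch. The struct and function names are hypothetical, and the 513x129 grid with 2:1 horizontal subsampling is constructed so that the counts equal the two numbers in the error output.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical structs mirroring JPEG 2000 SIZ marker fields. */
typedef struct { uint32_t x0, y0, x1, y1; } grid_t; /* image area on reference grid */
typedef struct { uint32_t dx, dy; } comp_t;         /* XRsiz, YRsiz subsampling */

static uint64_t ceil_div(uint64_t a, uint64_t b) { return (a + b - 1) / b; }

/* Samples the header promises for one component; 0 means invalid or empty. */
uint64_t expected_samples(const grid_t *g, const comp_t *c)
{
    if (c->dx == 0 || c->dy == 0 || g->x1 <= g->x0 || g->y1 <= g->y0)
        return 0;
    uint64_t w = ceil_div(g->x1, c->dx) - ceil_div(g->x0, c->dx);
    uint64_t h = ceil_div(g->y1, c->dy) - ceil_div(g->y0, c->dy);
    return w * h; /* w and h are below 2^32, so the product fits in 64 bits */
}

/* Over-strict policy: no component may be smaller than component 0. */
int check_against_first(const uint64_t *decoded, int n)
{
    for (int i = 1; i < n; i++)
        if (decoded[i] < decoded[0])
            return 0;
    return 1;
}

/* Per-component policy: each count must equal what its own dx/dy imply. */
int check_per_component(const grid_t *g, const comp_t *c,
                        const uint64_t *decoded, int n)
{
    for (int i = 0; i < n; i++) {
        uint64_t want = expected_samples(g, &c[i]);
        if (want == 0 || decoded[i] != want)
            return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed input: second component subsampled 2:1 horizontally. */
    grid_t g = {0, 0, 513, 129};
    comp_t c[2] = {{1, 1}, {2, 1}};
    uint64_t d[2] = {expected_samples(&g, &c[0]), expected_samples(&g, &c[1])};
    printf("samples %llu/%llu against-first=%d per-component=%d\n",
           (unsigned long long)d[0], (unsigned long long)d[1],
           check_against_first(d, 2), check_per_component(&g, c, d, 2));
}
```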
--- Begin Message ---
Source: openjpeg
Source-Version: 1.3+dfsg-4+squeeze3
We believe that the bug you reported is fixed in the latest version of
openjpeg, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 734...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Raphael Geissert <geiss...@debian.org> (supplier of updated openjpeg package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 22 Apr 2014 23:14:30 +0200
Source: openjpeg
Binary: libopenjpeg-dev libopenjpeg2 libopenjpeg2-dbg openjpeg-tools
Architecture: source i386
Version: 1.3+dfsg-4+squeeze3
Distribution: squeeze-security
Urgency: high
Maintainer: Debian PhotoTools Maintainers <pkg-phototools-de...@lists.alioth.debian.org>
Changed-By: Raphael Geissert <geiss...@debian.org>
Description:
libopenjpeg-dev - development files for libopenjpeg2, a JPEG 2000 image library
libopenjpeg2 - JPEG 2000 image compression/decompression library
libopenjpeg2-dbg - debug symbols for libopenjpeg2, a JPEG 2000 image library
openjpeg-tools - command-line tools using the JPEG 2000 library
Closes: 734238
Changes:
openjpeg (1.3+dfsg-4+squeeze3) squeeze-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix a regression in the decoding of chroma-subsampled images,
introduced by one of the patches for CVE-2013-6045 (Closes: #734238).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlNW3rgACgkQYy49rUbZzlrMgACfQ/PtM9oJ4TXvSxA4NYOZd+v5
fpkAoIpP9hb2knGHTJaiHCCuDpDN1XXi
=usX2
-----END PGP SIGNATURE-----
--- End Message ---