Your message dated Sun, 10 Mar 2019 17:50:19 +0000
with message-id <e1h32az-000ce0...@fasolo.debian.org>
and subject line Bug#910763: fixed in openjpeg2 2.3.0-2
has caused the Debian Bug report #910763,
regarding openjpeg2: CVE-2018-18088
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
910763: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910763
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: openjpeg2
Version: 2.3.0-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/uclouvain/openjpeg/issues/1152
Hi,
The following vulnerability was published for openjpeg2.
CVE-2018-18088[0]:
| OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the
| imagetopnm function of jp2/convert.c
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-18088
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18088
[1] https://github.com/uclouvain/openjpeg/issues/1152
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: openjpeg2
Source-Version: 2.3.0-2
We believe that the bug you reported is fixed in the latest version of
openjpeg2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 910...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mathieu Malaterre <ma...@debian.org> (supplier of updated openjpeg2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 10 Mar 2019 18:34:51 +0100
Source: openjpeg2
Binary: libopenjp2-7-dev libopenjp2-7 libopenjpip7 libopenjp3d7 libopenjpip-dec-server libopenjpip-viewer libopenjpip-server libopenjp3d-tools libopenjp2-tools
Architecture: source
Version: 2.3.0-2
Distribution: unstable
Urgency: high
Maintainer: Debian PhotoTools Maintainers <pkg-phototools-de...@lists.alioth.debian.org>
Changed-By: Mathieu Malaterre <ma...@debian.org>
Description:
libopenjp2-7 - JPEG 2000 image compression/decompression library
libopenjp2-7-dev - development files for OpenJPEG, a JPEG 2000 image library
libopenjp2-tools - command-line tools using the JPEG 2000 library
libopenjp3d-tools - command-line tools using the JPEG 2000 - 3D library
libopenjp3d7 - JP3D (JPEG 2000 / Part 10) image compression/decompression librar
libopenjpip-dec-server - tool to allow caching of JPEG 2000 files using JPIP protocol
libopenjpip-server - JPIP server for JPEG 2000 files
libopenjpip-viewer - JPEG 2000 java based viewer for advanced remote JPIP access
libopenjpip7 - JPEG 2000 Interactive Protocol
Closes: 884738 888533 889683 904873 910763
Changes:
openjpeg2 (2.3.0-2) unstable; urgency=high
.
[ Hugo Lefeuvre ]
* CVE-2017-17480: stack-based buffer overflow in the pgxtovolume function in
jp3d/convert.c (Closes: #884738).
* CVE-2018-14423: division-by-zero in pi_next_pcrl, pi_next_cprl, and
pi_next_rpcl in lib/openjp3d/pi.c (Closes: #904873).
* CVE-2018-18088: null pointer dereference in imagetopnm in jp2/convert.c
(Closes: #910763).
* CVE-2018-5785: integer overflow caused by an out-of-bounds left shift in
the opj_j2k_setup_encoder function (openjp2/j2k.c) (Closes: #888533).
* CVE-2018-6616: excessive iteration in the opj_t1_encode_cblks function of
openjp2/t1.c (Closes: #889683).
.
[ Mathieu Malaterre ]
* Add Hugo as Uploader
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---