|
From: | Ludovic Courtès |
Subject: | Re: [PATCH 0/1] OpenJPEG CVE-2016-9572 CVE-2016-9573 |
Date: | Tue, 24 Jan 2017 22:15:39 +0100 |
User-agent: | Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) |
Leo Famulari <address@hidden> skribis: > This patch fixes CVE-2016-9572 and CVE-2016-9573 in OpenJPEG. > > Notice that the patch is not from the official OpenJPEG repository. I've > asked for clarification here: > > https://github.com/uclouvain/openjpeg/issues/863#issuecomment-274271277 > > Debian has applied it to their openjpeg2 2.1.0-2+deb8u2 package (sorry, > I can't find a link to their package code; download the tarball and > inspect it manually): > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851422 > https://tracker.debian.org/pkg/openjpeg2 [...] > * gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch: New file. > * gnu/local.mk (dist_patch_DATA): Add it. > * gnu/packages/image.scm (openjpeg-2.1.2)[source]: Use it. Looks reasonable to me. Thank you! Ludo’.
[Prev in Thread] | Current Thread | [Next in Thread] |