bug#33924: OpenJPEG security issues

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#33924: OpenJPEG security issues

From:	Marius Bakke
Subject:	bug#33924: OpenJPEG security issues
Date:	Wed, 24 Apr 2019 18:41:39 +0200
User-agent:	Notmuch/0.28.3 (https://notmuchmail.org) Emacs/26.2 (x86_64-pc-linux-gnu)

Leo Famulari <address@hidden> writes:

> There are several open security bugs in our package of OpenJPEG 2.3.0:
>
> http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=openjpeg
>
> `guix refresh -l openjpeg` reports that several thousand packages would
> need to be rebuilt if we changed OpenJPEG, so we will need to fix these
> bugs by cherry-picking the upstream bugfix patches in a grafted
> replacement package.
>
> If anyone is interested in doing the work and needs advice, please ask
> for help :)
>
> These are the CVE identifiers:
>
> CVE-2017-17479
> CVE-2018-5727
> CVE-2018-5785
> CVE-2018-6616
> CVE-2018-7648
> CVE-2018-14423
> CVE-2018-16375
> CVE-2018-16376
> CVE-2018-17480
> CVE-2018-18088

I believe commit 0e2b0b05accdea7c3f016f8483d0ec04021114d3 fixed these.

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

bug#33924: OpenJPEG security issues, Marius Bakke <=

Prev by Date: bug#35417: Tor Service
Next by Date: bug#35417: Tor Service
Previous by thread: bug#35417: Tor Service
Next by thread: bug#35422: LibreOffice builds for me, but not on CI server
Index(es):
- Date
- Thread