[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 0/1] OpenJPEG CVE-2016-9572 CVE-2016-9573

From: Ludovic Courtès
Subject: Re: [PATCH 0/1] OpenJPEG CVE-2016-9572 CVE-2016-9573
Date: Tue, 24 Jan 2017 22:15:39 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

Leo Famulari <address@hidden> skribis:

> This patch fixes CVE-2016-9572 and CVE-2016-9573 in OpenJPEG.
> Notice that the patch is not from the official OpenJPEG repository. I've
> asked for clarification here:
> Debian has applied it to their openjpeg2 2.1.0-2+deb8u2 package (sorry,
> I can't find a link to their package code; download the tarball and
> inspect it manually):


> * gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch: New file.
> * gnu/ (dist_patch_DATA): Add it.
> * gnu/packages/image.scm (openjpeg-2.1.2)[source]: Use it.

Looks reasonable to me.

Thank you!


reply via email to

[Prev in Thread] Current Thread [Next in Thread]