openjpeg2 (2.1.0-2+deb8u10) jessie-security; urgency=medium * Non-maintainer upload by the LTS team. * CVE-2020-8112: Avoid integer overflow in OPJ_MACRO_TCD_ALLOCATE macro (aka static function opj_tcd_init_tile() in later versions of openjpeg2). (Closes: #950184). -- Mike Gabriel Thu, 30 Jan 2020 19:22:27 +0100 openjpeg2 (2.1.0-2+deb8u9) jessie-security; urgency=medium * Non-maintainer upload by the LTS team. * CVE-2020-6851: opj_j2k_update_image_dimensions(): reject images whose coordinates are beyond INT_MAX. -- Mike Gabriel Tue, 28 Jan 2020 14:22:26 +0100 openjpeg2 (2.1.0-2+deb8u8) jessie-security; urgency=medium * Non-maintainer upload by the LTS Security Team. * CVE-2018-21010: heap buffer overflow in color_apply_icc_profile (bin/common/color.c) (Closes: #939553). -- Hugo Lefeuvre Tue, 08 Oct 2019 14:12:08 +0200 openjpeg2 (2.1.0-2+deb8u7) jessie-security; urgency=high * Non-maintainer upload by the LTS team. * Fix CVE-2016-9112: A floating point exception or divide by zero in the function opj_pi_next_cprl may lead to a denial-of-service. * Fix CVE-2018-20847: An improper computation of values in the function opj_get_encoding_parameters can lead to an integer overflow. This issue was partly fixed by the patch for CVE-2015-1239. -- Markus Koschany Wed, 10 Jul 2019 18:03:52 +0200 openjpeg2 (2.1.0-2+deb8u6) jessie-security; urgency=high * Non-maintainer upload by the LTS Team. * CVE-2018-14423: Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl (closes: #904873). * CVE-2018-6616: Excessive Iteration in opj_t1_encode_cblks (closes: #889683). -- Hugo Lefeuvre Sat, 22 Dec 2018 11:50:11 +0100 openjpeg2 (2.1.0-2+deb8u5) jessie-security; urgency=high * Non-maintainer upload by the LTS Team. * CVE-2017-17480: write stack buffer overflow due to missing buffer length formatter in fscanf call. * CVE-2018-18088: null pointer dereference caused by null image components in imagetopnm. -- Hugo Lefeuvre Mon, 19 Nov 2018 17:23:30 +0100 openjpeg2 (2.1.0-2+deb8u4) jessie-security; urgency=high * Non-maintainer upload by the LTS Team. * CVE-2015-1239 Fix for denial of service (process crash) via a crafted PDF. * CVE-2016-5139 Fix for integer overflows, allowing a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data. -- Thorsten Alteholz Thu, 19 Jul 2018 19:03:02 +0200 openjpeg2 (2.1.0-2+deb8u3) jessie-security; urgency=medium * CVE-2016-9118: c22cbd8bdf8ff2ae372f94391a4be2d322b36b41.patch * CVE-2016-5152: 3fbe71369019df0b47c7a2be4fab8c05768f2f32.patch * CVE-2016-1628: 11445eddad7e7fa5b273d1c83c91011c44e5d586.patch * CVE-2016-10504: not needed * CVE-2017-14039: CVE-2017-14039.patch * CVE-2017-14040: 2cd30c2b06ce332dede81cccad8b334cde997281.patch * CVE-2017-14041: e5285319229a5d77bf316bb0d3a6cbd3cb8666d9.patch * CVE-2017-14151: not needed * CVE-2017-14152: dcac91b8c72f743bda7dbfa9032356bc8110098a.patch * CVE-2016-5157: CVE-2016-5157.patch -- Mathieu Malaterre Mon, 23 Oct 2017 20:43:14 +0200 openjpeg2 (2.1.0-2+deb8u2) jessie-security; urgency=medium * CVE-2016-5159 CVE-2016-8332 CVE-2016-9572 CVE-2016-9573 -- Moritz Muehlenhoff Sat, 14 Jan 2017 18:50:54 +0100 openjpeg2 (2.1.0-2+deb8u1) jessie-security; urgency=medium * CVE-2015-6581 CVE-2015-8871 CVE-2016-1924 CVE-2016-7163 -- Moritz Mühlenhoff Fri, 09 Sep 2016 20:14:50 +0200 openjpeg2 (2.1.0-2) unstable; urgency=low * Install *.pc files. Closes: #762251 * Remove cmake-fatal-error export stuff * Fix warnings in d/copyright * Bump Std-Vers to 3.9.6, no changes needed * Fix include path in export file to handle multi-arch install + debian/patches/multiarch_path.patch -- Mathieu Malaterre Tue, 07 Oct 2014 13:14:43 +0200 openjpeg2 (2.1.0-1) unstable; urgency=low * New upstream. Closes: #761154, #761155 * Rename binary packages to prevent conflicts. Closes: #760874 * Remove "Multi-Arch: same" for -dev package. Closes: #760421 -- Mathieu Malaterre Thu, 11 Sep 2014 17:40:46 +0200 openjpeg2 (2.0.0-1) unstable; urgency=low * New upstream. Closes: #738655. -- Mathieu Malaterre Fri, 23 May 2014 18:23:37 +0200