Your message dated Tue, 28 Jan 2025 18:03:31 +0000
with message-id <e1tcpvv-003fup...@fasolo.debian.org>
and subject line Bug#989775: fixed in openjpeg2 2.5.0-2+deb12u1
has caused the Debian Bug report #989775,
regarding openjpeg2: CVE-2021-3575
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
989775: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989775
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: openjpeg2
Version: 2.4.0-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/uclouvain/openjpeg/issues/1347
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for openjpeg2.
CVE-2021-3575[0]:
| heap-buffer-overflow in color.c may lead to DoS
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-3575
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3575
[1] https://github.com/uclouvain/openjpeg/issues/1347
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: openjpeg2
Source-Version: 2.5.0-2+deb12u1
Done: Moritz Mühlenhoff <j...@debian.org>
We believe that the bug you reported is fixed in the latest version of
openjpeg2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 989...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Moritz Mühlenhoff <j...@debian.org> (supplier of updated openjpeg2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 24 Jan 2025 17:47:06 +0100
Source: openjpeg2
Architecture: source
Version: 2.5.0-2+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian PhotoTools Maintainers
<pkg-phototools-de...@lists.alioth.debian.org>
Changed-By: Moritz Mühlenhoff <j...@debian.org>
Closes: 989775 1081908 1092675
Changes:
openjpeg2 (2.5.0-2+deb12u1) bookworm-security; urgency=medium
.
* CVE-2021-3575 (Closes: #989775)
* CVE-2023-39327 (Closes: #1081908)
* CVE-2024-56826 (Closes: #1092675)
* CVE-2024-56827 (Closes: #1092675)
Checksums-Sha1:
e9a9dfb6f6a5c6d3e9aae1000e5ec588ead9a7ae 2705 openjpeg2_2.5.0-2+deb12u1.dsc
a991910891d3d180e6c057bbbd997a7ca2e9416d 1221108 openjpeg2_2.5.0.orig.tar.xz
99f21e5a06b2b682fdfc37710337121216b6b4db 19624
openjpeg2_2.5.0-2+deb12u1.debian.tar.xz
6360ddec86d3b84e123f9fd4f164fe375e109fb4 17555
openjpeg2_2.5.0-2+deb12u1_amd64.buildinfo
Checksums-Sha256:
809c3ea598b1fcda47b8e170d46cf6e09b1a2937fbd50ecb5048b9fd26ef072f 2705
openjpeg2_2.5.0-2+deb12u1.dsc
007e19d772c8b6b22e35379630b06ff3549e49ba719d96453607a36ad7b4de73 1221108
openjpeg2_2.5.0.orig.tar.xz
f6e27869dc381c84ca12b4843e20644104f9a830996680319a5bd330bd2f98b0 19624
openjpeg2_2.5.0-2+deb12u1.debian.tar.xz
71594145c0a67cc2fe4e87c1cae0b9021ba6ea403a720cce4234b76ed65bdc1b 17555
openjpeg2_2.5.0-2+deb12u1_amd64.buildinfo
Files:
a0b2fb3ad196dae36d57bb403f9cef0b 2705 libs optional
openjpeg2_2.5.0-2+deb12u1.dsc
35669c7e5d10e48f823501e8d7f3cca5 1221108 libs optional
openjpeg2_2.5.0.orig.tar.xz
3330fd59686a24999987b6a5027b925e 19624 libs optional
openjpeg2_2.5.0-2+deb12u1.debian.tar.xz
174a64ee682f7b80ad5d22e649e527b1 17555 libs optional
openjpeg2_2.5.0-2+deb12u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmeTxt4ACgkQEMKTtsN8
TjYDgRAAtLyukjegacPido22sfCAmxVpDygIwT6MpazqF4cSjgkEKQSq5wnPKdoX
aEPyYoWroBPUfQJzNVGUiDg5pPTnP21kjQPzy9vSNRsIOSbPBWw2TsiGbbPMQl2j
pn0is9TsjN9N0focy9If8Ys4mtRclwaMF3c95e3nPqlgLSypu+XuvOQm1ldgri93
FAHQecOXpAbpr/D4HBEWrLOpYdgDIiVMpOpIWJnw6Gd8teLU+gAQ2vHStsNNZMoc
nQhEwMiPVS+QyZQMp3SiPYEsjy1u4JOL1PXt+oQQRf1voe3oGWyX6BezmEDsKhhN
Uo+3aPjhfrOcDuIhgZfQx4aRw+uhhWi4Ybf92x5Sn+i77JwPaiPf7KbqwNXQFu0I
uvloAB1GVj8HzPUOZTyqapmTyH1+toVEip8Y/gx6uusqq9wEXspflGN0ixOVEcZn
z0MVZvnKdb2YCXp9/s2batUxdcil1QiLwY9oUBU9goAvF5v6JeZz1ciYi/XQxEo+
NxmfBNPb5kP4I/lvN03AXbTMeV1W2eHOsA1xUnuqGmsB8N4qvbcAD/S4qx4imT0V
zg8rHoq9nIrQK/gEBZUBSjjzdFsXfgE0SRzcmIhf/rCuoo3PrEoz3eRYrWXr0+RF
eW/ytDPrTN96ilItopgXivX8fbw4DVK4kV0sEe/EOpncybWhznM=
=PhCj
-----END PGP SIGNATURE-----
pgpIR8Nobn6Fg.pgp
Description: PGP signature
--- End Message ---
