Leo Famulari <l...@famulari.name> wrote:

> This patch fixes CVE-2016-9572 and CVE-2016-9573 in OpenJPEG.
>
> Notice that the patch is not from the official OpenJPEG repository. I've
> asked for clarification here:
>
> https://github.com/uclouvain/openjpeg/issues/863#issuecomment-274271277
>
> Debian has applied it to their openjpeg2 2.1.0-2+deb8u2 package (sorry,
> I can't find a link to their package code; download the tarball and
> inspect it manually):
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851422
> https://tracker.debian.org/pkg/openjpeg2

[...]

> * gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/image.scm (openjpeg-2.1.2)[source]: Use it.

Looks reasonable to me.

Thank you!

Ludo’.
