
[SECURITY] [DLA 1354-1] opencv security update



Package        : opencv
Version        : 2.3.1-11+deb7u4
CVE ID         : CVE-2018-5268 CVE-2018-5269
Debian Bug     : 886674 886675

Two vulnerabilities were found in OpenCV, the "Open Computer Vision
Library".

CVE-2018-5268

    In OpenCV 3.3.1, a heap-based buffer overflow happens in
    cv::Jpeg2KDecoder::readComponent8u in
    modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted
    image file.

CVE-2018-5269

    In OpenCV 3.3.1, an assertion failure happens in
    cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp
    because of an incorrect integer cast.

For Debian 7 "Wheezy", these problems have been fixed in version
2.3.1-11+deb7u4.

We recommend that you upgrade your opencv packages.
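To confirm the upgrade landed, the following added example (not part of the advisory or of Debian's tooling) implements dpkg's version ordering and flags opencv packages older than the fixed version in a `dpkg-query -W` listing. The function names, the substring match on "opencv" and the sample listing are assumptions made for illustration, and the comparison is only meaningful on Debian 7 "Wheezy" hosts.

```python
import re

FIXED = "2.3.1-11+deb7u4"  # fixed version for Debian 7 "Wheezy" per the advisory

def _order(ch):
    # dpkg ordering: '~' sorts before end-of-string (0); letters before other symbols
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Compare alternating (non-digit, digit) chunks, as dpkg does
    pa, pb = re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b)
    for i in range(max(len(pa), len(pb))):
        sa, da = pa[i] if i < len(pa) else ("", "")
        sb, db = pb[i] if i < len(pb) else ("", "")
        for j in range(max(len(sa), len(sb))):
            oa = _order(sa[j]) if j < len(sa) else 0
            ob = _order(sb[j]) if j < len(sb) else 0
            if oa != ob:
                return -1 if oa < ob else 1
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; a missing epoch is 0, a missing revision is empty
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev

def compare(a, b):
    """Return -1, 0 or 1 as Debian version a is older than, equal to, or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unfixed(dpkg_listing, fixed=FIXED):
    """Return (package, version) pairs for opencv packages older than `fixed`."""
    rows = (line.split() for line in dpkg_listing.splitlines())
    return [(r[0], r[1]) for r in rows
            if len(r) == 2 and "opencv" in r[0] and compare(r[1], fixed) < 0]

# Constructed sample of `dpkg-query -W` output (package<TAB>version), not real host data
SAMPLE = ("libopencv-core2.3\t2.3.1-11+deb7u3\nlibopencv-imgproc2.3\t2.3.1-11+deb7u4\n"
          "python-opencv\t2.3.1-11\nlibjpeg8\t8d-1+deb7u1\n")

if __name__ == "__main__":
    for name, version in unfixed(SAMPLE):
        print(f"{name} {version} is older than {FIXED}")
```
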

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
