[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1433-1] openjpeg2 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : openjpeg2
Version        : 2.1.0-2+deb8u4
CVE ID         : CVE-2015-1239 CVE-2016-5139



CVE-2015-1239
     Fix for denial of service (process crash) via a crafted PDF.

CVE-2016-5139
     Fix for integer overflows, allowing a denial of service
     (heap-based buffer overflow) or possibly have unspecified
     other impact via crafted JPEG 2000 data.


For Debian 8 "Jessie", these problems have been fixed in version
2.1.0-2+deb8u4.

We recommend that you upgrade your openjpeg2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJbUPSWXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHVQsP/R6HxOZhfIC6sg/QqpHeOrdo
vESrZQfTOMIYqjeDZBoZIXliTPZEBwoXqqrwWzCZdQUry8Kkw9qxTHm37SwzXZfy
Whad+KEfr0z5PppfQ3GaVgdAA+Wf/GQPqCP7JIJDsSGYJjyeostn/BP1Jv6QoFnI
N8juCcDdGaxMcUpbZxWlVYRSsoTrfcb6XdJ9I0MvyvGdKIN0a1Y9AJMp4RcCtzYw
+ES0bC+e4V5xh6USgdMk73r0+81OEx+irUn+Zm6vj1M0PWf4VS05QloFw135z5ji
1HeNkV9eFnHlKkJm1HOZuZEwEakfdpfWmnuTvo3I11IdICdMreKqxKOg5vPoxzeV
snFoPQQRfZYGf258kwZnx7redUfhs+4GGBWK19dGTZn6zRf5sNU3/NcewzqHTfoo
h0sck3bg8UJy5Wu7uC0Ls5ikT4kqXB3UAfGT3EdiaJCCyKj2GqQqlp4VVF4djo0L
913LeSn2BT2aM1fFRTso3ZnYgUwhvHqFE5sRcXl+Mqlmmn2ly6ZR4gSu5Dl1izUC
0tRkwo0M0gMyhqb7cnlXJgtuAoTf1iM2RrWa5+UJbIiGal6Hljf3i47gl9No7tmf
CVX/fUjoBBB2arY+uX3hlg3tjbbEwqi9jmcSSr4s2W7IkklMqQJAOc1ELglygBfS
9qQqfbkojth8gSdO/6qy
=N4pa
-----END PGP SIGNATURE-----


Reply to: