Bug 21527

Summary: openjpeg2 new security issues CVE-2016-911[2-8], CVE-2016-5139, CVE-2016-515[89]
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED INVALID QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: mageia
Version: 6   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA5TOO
Source RPM: openjpeg2-2.1.2-3.mga6.src.rpm CVE:
Status comment:

Description David Walser 2017-08-14 00:56:58 CEST 
Fedora has issued an advisory today (August 13):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2PJNE4QIJJNGE56J5SUTAQFVK6D4Y4FY/

The issues are fixed upstream in 2.2.0.

Mageia 5 and Mageia 6 are also affected.
David Walser 2017-08-14 00:57:07 CEST

Whiteboard: (none) => MGA6TOO, MGA5TOO

Comment 1 Nicolas Lécureuil 2017-08-14 14:25:50 CEST 
pushed in updates_testing

src.rpm:
        openjpeg2-2.2.0-1.mga6
        openjpeg2-2.2.0-1.mga5

CC: (none) => mageia
Assignee: bugsquad => qa-bugs
Version: Cauldron => 6
Whiteboard: MGA6TOO, MGA5TOO => MGA5TOO

Comment 2 David Walser 2017-08-14 18:53:47 CEST 
Hmm, not sure how I missed this, but we already fixed all of these security issues.  I guess we can base any future updates off of 2.2.0.

Resolution: (none) => INVALID
Status: NEW => RESOLVED