21527 – openjpeg2 new security issues CVE-2016-911[2-8], CVE-2016-5139, CVE-2016-515[89]

Bug 21527 - openjpeg2 new security issues CVE-2016-911[2-8], CVE-2016-5139, CVE-2016-515[89]

Summary: openjpeg2 new security issues CVE-2016-911[2-8], CVE-2016-5139, CVE-2016-515[89]

Status:	RESOLVED INVALID

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	6
Hardware:	All Linux

Priority:	Normal Severity: critical
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA5TOO
Keywords:

Depends on:
Blocks:

Reported:	2017-08-14 00:56 CEST by David Walser
Modified:	2017-08-14 18:53 CEST (History)
CC List:	1 user (show)

See Also:
Source RPM:	openjpeg2-2.1.2-3.mga6.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2017-08-14 00:56:58 CEST

Fedora has issued an advisory today (August 13):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2PJNE4QIJJNGE56J5SUTAQFVK6D4Y4FY/

The issues are fixed upstream in 2.2.0.

Mageia 5 and Mageia 6 are also affected.

David Walser 2017-08-14 00:57:07 CEST

Whiteboard: (none) => MGA6TOO, MGA5TOO

Comment 1 Nicolas Lécureuil 2017-08-14 14:25:50 CEST

pushed in updates_testing

src.rpm:
        openjpeg2-2.2.0-1.mga6
        openjpeg2-2.2.0-1.mga5

CC: (none) => mageia
Assignee: bugsquad => qa-bugs
Version: Cauldron => 6
Whiteboard: MGA6TOO, MGA5TOO => MGA5TOO

Comment 2 David Walser 2017-08-14 18:53:47 CEST

Hmm, not sure how I missed this, but we already fixed all of these security issues.  I guess we can base any future updates off of 2.2.0.

Resolution: (none) => INVALID
Status: NEW => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.