Re: [PATCH 0/1] OpenJPEG CVE-2016-9572 CVE-2016-9573

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 0/1] OpenJPEG CVE-2016-9572 CVE-2016-9573

From:	Ludovic Courtès
Subject:	Re: [PATCH 0/1] OpenJPEG CVE-2016-9572 CVE-2016-9573
Date:	Tue, 24 Jan 2017 22:15:39 +0100
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

Leo Famulari <address@hidden> skribis:

> This patch fixes CVE-2016-9572 and CVE-2016-9573 in OpenJPEG.
>
> Notice that the patch is not from the official OpenJPEG repository. I've
> asked for clarification here:
>
> https://github.com/uclouvain/openjpeg/issues/863#issuecomment-274271277
>
> Debian has applied it to their openjpeg2 2.1.0-2+deb8u2 package (sorry,
> I can't find a link to their package code; download the tarball and
> inspect it manually):
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851422
> https://tracker.debian.org/pkg/openjpeg2

[...]

> * gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/image.scm (openjpeg-2.1.2)[source]: Use it.

Looks reasonable to me.

Thank you!

Ludo’.

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 0/1] OpenJPEG CVE-2016-9572 CVE-2016-9573, Leo Famulari, 2017/01/23
- [PATCH 1/1] gnu: openjpeg: Fix CVE-2016-{9572,9573}., Leo Famulari, 2017/01/23
- Re: [PATCH 0/1] OpenJPEG CVE-2016-9572 CVE-2016-9573, Ludovic Courtès <=

Prev by Date: Re: [PATCH python-tests] gnu: python-2.7: Enable UCS-4 Unicode encoding.
Next by Date: Re: Hardening (was: Re: tor: update to 0.2.9.9)
Previous by thread: [PATCH 1/1] gnu: openjpeg: Fix CVE-2016-{9572,9573}.
Next by thread: tor: update to 0.2.9.9
Index(es):
- Date
- Thread