openjpeg2 (2.3.0-2build0.18.04.1) bionic-security; urgency=medium
* SECURITY UPDATE: Sync from Debian
openjpeg2 (2.3.0-2) unstable; urgency=high
[ Hugo Lefeuvre ]
* CVE-2017-17480: stack-based buffer overflow in the pgxtovolume function in
jp3d/convert.c (Closes: #884738).
* CVE-2018-14423: division-by-zero in pi_next_pcrl, pi_next_cprl, and
pi_next_rpcl in lib/openjp3d/pi.c (Closes: #904873).
* CVE-2018-18088: null pointer dereference in imagetopnm in jp2/convert.c
(Closes: #910763).
* CVE-2018-5785: integer overflow caused by an out-of-bounds left shift in the
opj_j2k_setup_encoder function (openjp2/j2k.c) (Closes: #888533).
* CVE-2018-6616: excessive iteration in the opj_t1_encode_cblks function of
openjp2/t1.c (Closes: #889683).
[ Mathieu Malaterre ]
* Add Hugo as Uploader
openjpeg2 (2.3.0-1.1) unstable; urgency=medium
* Non-maintainer upload.
* Fix "FTBFS with Java 9 due to -source/-target only":
apply patch by Markus Koschany to build with Java 9 or later.
(Closes: #873997)
-- Eduardo Barretto <email address hidden> Tue, 20 Aug 2019 17:01:14 -0300