Format: 1.8 Date: Wed, 06 Jan 2021 09:44:46 -0500 Source: openjpeg2 Binary: libopenjp2-7 libopenjp2-7-dev libopenjp2-tools libopenjp3d-tools libopenjp3d7 libopenjpip-dec-server libopenjpip-server libopenjpip-viewer libopenjpip7 Architecture: amd64 all Version: 2.3.1-1ubuntu4.20.04.1 Distribution: focal Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libopenjp2-7 - JPEG 2000 image compression/decompression library libopenjp2-7-dev - development files for OpenJPEG, a JPEG 2000 image library libopenjp2-tools - command-line tools using the JPEG 2000 library libopenjp3d-tools - command-line tools using the JPEG 2000 - 3D library libopenjp3d7 - JP3D (JPEG 2000 / Part 10) image compression/decompression librar libopenjpip-dec-server - tool to allow caching of JPEG 2000 files using JPIP protocol libopenjpip-server - JPIP server for JPEG 2000 files libopenjpip-viewer - JPEG 2000 java based viewer for advanced remote JPIP access libopenjpip7 - JPEG 2000 Interactive Protocol Changes: openjpeg2 (2.3.1-1ubuntu4.20.04.1) focal-security; urgency=medium . * SECURITY UPDATE: use-after-free via directory - debian/patches/CVE-2020-15389.patch: fix double-free on input directory with mix of valid and invalid images in src/bin/jp2/opj_decompress.c. - CVE-2020-15389 * SECURITY UPDATE: heap-buffer-overflow - debian/patches/CVE-2020-27814-1.patch: grow buffer size in src/lib/openjp2/tcd.c. - debian/patches/CVE-2020-27814-2.patch: grow it again - debian/patches/CVE-2020-27814-3.patch: and some more - debian/patches/CVE-2020-27814-4.patch: bigger, BIGGER!!! - CVE-2020-27814 * SECURITY UPDATE: heap-buffer-overflow write - debian/patches/CVE-2020-27823.patch: fix wrong computation in src/bin/jp2/convertpng.c. - CVE-2020-27823 * SECURITY UPDATE: global-buffer-overflow - debian/patches/CVE-2020-27824.patch: avoid global buffer overflow on irreversible conversion when too many decomposition levels are specified in src/lib/openjp2/dwt.c. - CVE-2020-27824 * SECURITY UPDATE: out-of-bounds read - debian/patches/CVE-2020-27841.patch: add extra checks to src/lib/openjp2/pi.c, src/lib/openjp2/pi.h, src/lib/openjp2/t2.c. - CVE-2020-27841 * SECURITY UPDATE: null pointer dereference - debian/patches/CVE-2020-27842.patch: add check to src/lib/openjp2/t2.c. - CVE-2020-27842 * SECURITY UPDATE: out-of-bounds read - debian/patches/CVE-2020-27843.patch: add check to src/lib/openjp2/t2.c. - CVE-2020-27843 * SECURITY UPDATE: out-of-bounds read - debian/patches/CVE-2020-27845.patch: add extra checks to src/lib/openjp2/pi.c. - CVE-2020-27845 Checksums-Sha1: 4563f6cf5b893ac264f5b6abebc4906de092d120 512856 libopenjp2-7-dbgsym_2.3.1-1ubuntu4.20.04.1_amd64.ddeb d2e059339e39aa8471e278b0f28d4737f2991361 26724 libopenjp2-7-dev_2.3.1-1ubuntu4.20.04.1_amd64.deb 3b3a5ea247d76a876ef5dfe3cdf6d5631fe0481a 141408 libopenjp2-7_2.3.1-1ubuntu4.20.04.1_amd64.deb e3cb34ce7698adf69c3ae520aeac8aade1a02356 440832 libopenjp2-tools-dbgsym_2.3.1-1ubuntu4.20.04.1_amd64.ddeb c3592108d85a13e341cb6a9426a180075a098ab1 84076 libopenjp2-tools_2.3.1-1ubuntu4.20.04.1_amd64.deb 96e7d1bbe7e5ae2dbe61fc0a9afd90c5073e6cdd 73928 libopenjp3d-tools-dbgsym_2.3.1-1ubuntu4.20.04.1_amd64.ddeb f35e15599731b305db0b01edd0719416f3e11b15 28904 libopenjp3d-tools_2.3.1-1ubuntu4.20.04.1_amd64.deb fbe46a0c22af0fd0555e24366509d88b16fec0b1 212180 libopenjp3d7-dbgsym_2.3.1-1ubuntu4.20.04.1_amd64.ddeb f7c150ae7f88eaded741b00c8c18c2f4028b24bf 75624 libopenjp3d7_2.3.1-1ubuntu4.20.04.1_amd64.deb fb0f4cee004f867290c1c454637d85361ac53a58 21864 libopenjpip-dec-server-dbgsym_2.3.1-1ubuntu4.20.04.1_amd64.ddeb e297e9d9be654505d7623d13e3013a54ba30391d 15636 libopenjpip-dec-server_2.3.1-1ubuntu4.20.04.1_amd64.deb cf85eb8d6f4e91801c5c2e0934488556f18fd342 113144 libopenjpip-server-dbgsym_2.3.1-1ubuntu4.20.04.1_amd64.ddeb 24e7acd2e6c7fed8d9178df3ba81a6ae6e2d09df 40480 libopenjpip-server_2.3.1-1ubuntu4.20.04.1_amd64.deb cf894992c9abe10f904081a8628a1aba0ca0ab81 33688 libopenjpip-viewer_2.3.1-1ubuntu4.20.04.1_all.deb 9b0fbb13280657161f855630d322fc2cdb494629 162176 libopenjpip7-dbgsym_2.3.1-1ubuntu4.20.04.1_amd64.ddeb e8c26837385aff70922263c8597f66a09ec3a76b 48408 libopenjpip7_2.3.1-1ubuntu4.20.04.1_amd64.deb 939b0ca28e244c462f017b21aa2ba763b0bfb15e 17441 openjpeg2_2.3.1-1ubuntu4.20.04.1_amd64.buildinfo Checksums-Sha256: ef2ae28439e0a7a38ea0abbd20dda016fe70d7065e25043d4a3ba880788a7c52 512856 libopenjp2-7-dbgsym_2.3.1-1ubuntu4.20.04.1_amd64.ddeb fb8cd6316a60ac7d07089053d2be01127c995f4018fe4d11df27c84623db1cc1 26724 libopenjp2-7-dev_2.3.1-1ubuntu4.20.04.1_amd64.deb bfb567071090c653977e5de33ca5aa5924c62bcb263192bf1bc4afebd8b6283e 141408 libopenjp2-7_2.3.1-1ubuntu4.20.04.1_amd64.deb 3312f39783a76a02ce004a676975df6d1a9ae1d3091095328ef8aef684c3d23b 440832 libopenjp2-tools-dbgsym_2.3.1-1ubuntu4.20.04.1_amd64.ddeb cff5cf7d6624501569a75e67a7786814e15dd192125c800736dc6dfbbcdd8d75 84076 libopenjp2-tools_2.3.1-1ubuntu4.20.04.1_amd64.deb 74d59ac1efe372699ad7b70b01a54ecdf3c30c34b7782a043f2e0c13d615e05a 73928 libopenjp3d-tools-dbgsym_2.3.1-1ubuntu4.20.04.1_amd64.ddeb ad541b902af1f4fcb41e5681a3f37b4a9a86aaf80845b808e9dcbfe32e1ed958 28904 libopenjp3d-tools_2.3.1-1ubuntu4.20.04.1_amd64.deb 06cc452ed4d4c20ab5149e5f573f616b55ae7d1535a0f4a99553a8fdab358070 212180 libopenjp3d7-dbgsym_2.3.1-1ubuntu4.20.04.1_amd64.ddeb 5ff974e882512d7c13d362d4539eb5c300649fd7bd12d8ed5ab48bd4bad54826 75624 libopenjp3d7_2.3.1-1ubuntu4.20.04.1_amd64.deb 8b59decbf664e576fdea8d5200c51c0dd7648cd18a1ca1186711b859954ab1ba 21864 libopenjpip-dec-server-dbgsym_2.3.1-1ubuntu4.20.04.1_amd64.ddeb 5558fefec3a948997f9f1b2f782b51712a43b94c974d80bcb89d8850a3f2e4e7 15636 libopenjpip-dec-server_2.3.1-1ubuntu4.20.04.1_amd64.deb e8c41ed2548ca5b06bfbea34b9e6bc8fac60b6f9c4e380f2e1000eebf4b0ab53 113144 libopenjpip-server-dbgsym_2.3.1-1ubuntu4.20.04.1_amd64.ddeb 8bf75085e2722f0a324f03e8a5fcb656c22a3ad31d90a3b0a2d6d860babf2629 40480 libopenjpip-server_2.3.1-1ubuntu4.20.04.1_amd64.deb 806dd13c60b604753028ab848323822272970da1f1ec76ec917b2d2d4c9e00a1 33688 libopenjpip-viewer_2.3.1-1ubuntu4.20.04.1_all.deb a29c566b45f77177d5b2d245be04f095c073758b60d9da61f3b80205ffb54e5f 162176 libopenjpip7-dbgsym_2.3.1-1ubuntu4.20.04.1_amd64.ddeb d2fef320ed2f64b6d299c082ebad2b3f792db01ca14a80cf4179b7d71fedf5f2 48408 libopenjpip7_2.3.1-1ubuntu4.20.04.1_amd64.deb 47c2858eb7c36d02a60d5dbbca392efe9e23ee13b4f8945fbd691790ba3721a8 17441 openjpeg2_2.3.1-1ubuntu4.20.04.1_amd64.buildinfo Files: 6dcbf4dc4b8f8d5531d5fd65a7ca94a0 512856 debug optional libopenjp2-7-dbgsym_2.3.1-1ubuntu4.20.04.1_amd64.ddeb e48335010adbb3163dea309c444a168b 26724 libdevel optional libopenjp2-7-dev_2.3.1-1ubuntu4.20.04.1_amd64.deb 4866e9dbd801d4dd2de71b7d9066976a 141408 libs optional libopenjp2-7_2.3.1-1ubuntu4.20.04.1_amd64.deb 9f5abfd9bc8c2689ea7a5cb7a0ede41c 440832 debug optional libopenjp2-tools-dbgsym_2.3.1-1ubuntu4.20.04.1_amd64.ddeb 9838399275310b201eb4d7d26375817d 84076 graphics optional libopenjp2-tools_2.3.1-1ubuntu4.20.04.1_amd64.deb 380f17418c9dba47567604c6fd0f1bf5 73928 debug optional libopenjp3d-tools-dbgsym_2.3.1-1ubuntu4.20.04.1_amd64.ddeb 17825e6857784724da4f9f0e737ed60f 28904 graphics optional libopenjp3d-tools_2.3.1-1ubuntu4.20.04.1_amd64.deb 772b5099a81db867252cf75eb9829cee 212180 debug optional libopenjp3d7-dbgsym_2.3.1-1ubuntu4.20.04.1_amd64.ddeb 805ea812d38781c2911f7de9a114fd63 75624 libs optional libopenjp3d7_2.3.1-1ubuntu4.20.04.1_amd64.deb 60ec6e8cf4cd84bbe16f6a43d0a8185c 21864 debug optional libopenjpip-dec-server-dbgsym_2.3.1-1ubuntu4.20.04.1_amd64.ddeb fb90a5635ff79e6434f5cf45516b9f69 15636 graphics optional libopenjpip-dec-server_2.3.1-1ubuntu4.20.04.1_amd64.deb b86d887149bea5fddd2da075b4159735 113144 debug optional libopenjpip-server-dbgsym_2.3.1-1ubuntu4.20.04.1_amd64.ddeb 5834bfa90c4c25f14aaa12c18b5f8e8b 40480 graphics optional libopenjpip-server_2.3.1-1ubuntu4.20.04.1_amd64.deb 8636846bc2a103474f1193a302eaaa50 33688 graphics optional libopenjpip-viewer_2.3.1-1ubuntu4.20.04.1_all.deb fe8048ce482f95e48915f411309c87f7 162176 debug optional libopenjpip7-dbgsym_2.3.1-1ubuntu4.20.04.1_amd64.ddeb 3b532a8638025cf10c5f5cbe0094b806 48408 libs optional libopenjpip7_2.3.1-1ubuntu4.20.04.1_amd64.deb 921cd843e4c289ef45babbc7c2cc53e5 17441 libs optional openjpeg2_2.3.1-1ubuntu4.20.04.1_amd64.buildinfo Original-Maintainer: Debian PhotoTools Maintainers