Format: 1.8 Date: Wed, 06 Jan 2021 09:44:46 -0500 Source: openjpeg2 Binary: libopenjp2-7 libopenjp2-7-dev libopenjp2-tools libopenjp3d-tools libopenjp3d7 libopenjpip-dec-server libopenjpip-server libopenjpip7 Architecture: armhf Version: 2.3.1-1ubuntu4.20.04.1 Distribution: focal Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libopenjp2-7 - JPEG 2000 image compression/decompression library libopenjp2-7-dev - development files for OpenJPEG, a JPEG 2000 image library libopenjp2-tools - command-line tools using the JPEG 2000 library libopenjp3d-tools - command-line tools using the JPEG 2000 - 3D library libopenjp3d7 - JP3D (JPEG 2000 / Part 10) image compression/decompression librar libopenjpip-dec-server - tool to allow caching of JPEG 2000 files using JPIP protocol libopenjpip-server - JPIP server for JPEG 2000 files libopenjpip7 - JPEG 2000 Interactive Protocol Changes: openjpeg2 (2.3.1-1ubuntu4.20.04.1) focal-security; urgency=medium . * SECURITY UPDATE: use-after-free via directory - debian/patches/CVE-2020-15389.patch: fix double-free on input directory with mix of valid and invalid images in src/bin/jp2/opj_decompress.c. - CVE-2020-15389 * SECURITY UPDATE: heap-buffer-overflow - debian/patches/CVE-2020-27814-1.patch: grow buffer size in src/lib/openjp2/tcd.c. - debian/patches/CVE-2020-27814-2.patch: grow it again - debian/patches/CVE-2020-27814-3.patch: and some more - debian/patches/CVE-2020-27814-4.patch: bigger, BIGGER!!! - CVE-2020-27814 * SECURITY UPDATE: heap-buffer-overflow write - debian/patches/CVE-2020-27823.patch: fix wrong computation in src/bin/jp2/convertpng.c. - CVE-2020-27823 * SECURITY UPDATE: global-buffer-overflow - debian/patches/CVE-2020-27824.patch: avoid global buffer overflow on irreversible conversion when too many decomposition levels are specified in src/lib/openjp2/dwt.c. - CVE-2020-27824 * SECURITY UPDATE: out-of-bounds read - debian/patches/CVE-2020-27841.patch: add extra checks to src/lib/openjp2/pi.c, src/lib/openjp2/pi.h, src/lib/openjp2/t2.c. - CVE-2020-27841 * SECURITY UPDATE: null pointer dereference - debian/patches/CVE-2020-27842.patch: add check to src/lib/openjp2/t2.c. - CVE-2020-27842 * SECURITY UPDATE: out-of-bounds read - debian/patches/CVE-2020-27843.patch: add check to src/lib/openjp2/t2.c. - CVE-2020-27843 * SECURITY UPDATE: out-of-bounds read - debian/patches/CVE-2020-27845.patch: add extra checks to src/lib/openjp2/pi.c. - CVE-2020-27845 Checksums-Sha1: 69fe9cb4a06c4cbf8b98a848f24737fe71c5f48a 466564 libopenjp2-7-dbgsym_2.3.1-1ubuntu4.20.04.1_armhf.ddeb da3fbb18ebf4841d37868f9ca9ed5301c943094c 26744 libopenjp2-7-dev_2.3.1-1ubuntu4.20.04.1_armhf.deb b40a671360515e10f8b38c8c722009f308bf5efb 126332 libopenjp2-7_2.3.1-1ubuntu4.20.04.1_armhf.deb 64f9a5d06d1a9e19c6595e25c6b37ef7ed8bf228 444352 libopenjp2-tools-dbgsym_2.3.1-1ubuntu4.20.04.1_armhf.ddeb 24a6aed412d21d758e718f337e12f138b9bc4f6a 76304 libopenjp2-tools_2.3.1-1ubuntu4.20.04.1_armhf.deb d96de770e6b5881f707d9c126e7cd1da6cd4b955 74656 libopenjp3d-tools-dbgsym_2.3.1-1ubuntu4.20.04.1_armhf.ddeb f2e590aecf4be438f75f07feb3528db438fa74bc 27300 libopenjp3d-tools_2.3.1-1ubuntu4.20.04.1_armhf.deb 22ca319a05eb5115b40687d0146716080ec7ed0f 199272 libopenjp3d7-dbgsym_2.3.1-1ubuntu4.20.04.1_armhf.ddeb 21b353b78eaf7ac799643997185a2487ce36de92 64900 libopenjp3d7_2.3.1-1ubuntu4.20.04.1_armhf.deb 2a47c446ceb6525e297ee2b3cac4943b78f55c2b 22568 libopenjpip-dec-server-dbgsym_2.3.1-1ubuntu4.20.04.1_armhf.ddeb 021420371f30064b9e344dd95ec9489e1ef9efc4 14952 libopenjpip-dec-server_2.3.1-1ubuntu4.20.04.1_armhf.deb 9568f7a6a66797c7f3eb2023c7b62bef56b16f5c 113844 libopenjpip-server-dbgsym_2.3.1-1ubuntu4.20.04.1_armhf.ddeb 458b60762b357f413437952a0470c03aa3ee350e 37232 libopenjpip-server_2.3.1-1ubuntu4.20.04.1_armhf.deb 63bbcc4a2cbce7c4d1cade7823017422ecfd8be8 158532 libopenjpip7-dbgsym_2.3.1-1ubuntu4.20.04.1_armhf.ddeb 71f5908909fa90f822b5c44ef8254a53c676b3d7 43620 libopenjpip7_2.3.1-1ubuntu4.20.04.1_armhf.deb 5135cb1f76470301574d9c98ce467a580c316b7f 12335 openjpeg2_2.3.1-1ubuntu4.20.04.1_armhf.buildinfo Checksums-Sha256: e89d64f4ce6104d65a7270f9447487f65d3be648ae3723c4dea51618a1d877b2 466564 libopenjp2-7-dbgsym_2.3.1-1ubuntu4.20.04.1_armhf.ddeb 5a04c4de5918f3fe2d110074a83b1e46aa33d2ad09226ac14c9a690b6409450b 26744 libopenjp2-7-dev_2.3.1-1ubuntu4.20.04.1_armhf.deb 84490831e04978e1202248ff8b0fba559cab7c463d992a2872e5a972a5e4fd40 126332 libopenjp2-7_2.3.1-1ubuntu4.20.04.1_armhf.deb 62f69df356af006719a53cc95020b9cd0afa689b99aab6fd330dbe6dfbfc0351 444352 libopenjp2-tools-dbgsym_2.3.1-1ubuntu4.20.04.1_armhf.ddeb 2b1a81440cce5a6bdb0dd9240508ba29f4d0e674cfbbc42401b0208caab32dc2 76304 libopenjp2-tools_2.3.1-1ubuntu4.20.04.1_armhf.deb c5b361ed7efbd0efeb833aa70d1d2d0b6c795131b602d8bba7e02b6413bb94c6 74656 libopenjp3d-tools-dbgsym_2.3.1-1ubuntu4.20.04.1_armhf.ddeb dd45b6aecc4b7901156011d69543f072880c210dbeb66175ff7a58efa112b807 27300 libopenjp3d-tools_2.3.1-1ubuntu4.20.04.1_armhf.deb 1a4e2292cce7491c1c03c8c097e2eab87655b0bdcac00b09d1c33aedf939da44 199272 libopenjp3d7-dbgsym_2.3.1-1ubuntu4.20.04.1_armhf.ddeb 28aa6b56cd525a59a6867d771aae4125c366554d778c4608eddde4d77b6a5bc4 64900 libopenjp3d7_2.3.1-1ubuntu4.20.04.1_armhf.deb 2592c814bf3b3f1fd0628e4d7fcfe66c452719a09209e4debea67c9a0f1670f1 22568 libopenjpip-dec-server-dbgsym_2.3.1-1ubuntu4.20.04.1_armhf.ddeb 728c4e78329614d2d8d8a1383599f7611007c5ae6d86ced6da3e34b9f629c5ce 14952 libopenjpip-dec-server_2.3.1-1ubuntu4.20.04.1_armhf.deb 0d34f379721b9728f3e2317e22b7367c9454eb5f090d82447e9124f6b407c8f7 113844 libopenjpip-server-dbgsym_2.3.1-1ubuntu4.20.04.1_armhf.ddeb 542e8ef36376c284992214647fa353c0283d1a03fc783f1d5f6e21dc1232a08c 37232 libopenjpip-server_2.3.1-1ubuntu4.20.04.1_armhf.deb 05b2851338de3b4b33072f425559a0a354283505ad1de30fee2f3f1e99b46b86 158532 libopenjpip7-dbgsym_2.3.1-1ubuntu4.20.04.1_armhf.ddeb 03cccef9a1cf76cfcb7b432166764f6e16dfb0a3a86884ef7e3e95d65e6e0aba 43620 libopenjpip7_2.3.1-1ubuntu4.20.04.1_armhf.deb 5bd4797c85f180d9113beb6cac026c2678a7c099b7c6439672d9335a6164a02d 12335 openjpeg2_2.3.1-1ubuntu4.20.04.1_armhf.buildinfo Files: 01e606f4ff21db93ebe5ba3b1a482141 466564 debug optional libopenjp2-7-dbgsym_2.3.1-1ubuntu4.20.04.1_armhf.ddeb 97e197dae4e0cfc981c101b491257a92 26744 libdevel optional libopenjp2-7-dev_2.3.1-1ubuntu4.20.04.1_armhf.deb 383bd5209a6ab614473cd1b1db39e36b 126332 libs optional libopenjp2-7_2.3.1-1ubuntu4.20.04.1_armhf.deb 110517cd25adb94792a207b268786e7b 444352 debug optional libopenjp2-tools-dbgsym_2.3.1-1ubuntu4.20.04.1_armhf.ddeb cd2bcd36e5e8bb2d439baea74b504d27 76304 graphics optional libopenjp2-tools_2.3.1-1ubuntu4.20.04.1_armhf.deb a1c08aa802a8880341898e3344f296d3 74656 debug optional libopenjp3d-tools-dbgsym_2.3.1-1ubuntu4.20.04.1_armhf.ddeb 6c2309798c7c6777ce1e45194bed8a14 27300 graphics optional libopenjp3d-tools_2.3.1-1ubuntu4.20.04.1_armhf.deb ef73d96fa814dcfc2dc03978aab024f6 199272 debug optional libopenjp3d7-dbgsym_2.3.1-1ubuntu4.20.04.1_armhf.ddeb 651d2dbe8973db16ad215b9e017607ca 64900 libs optional libopenjp3d7_2.3.1-1ubuntu4.20.04.1_armhf.deb 5bbbb062849d320a1db7c1bfb7b33b87 22568 debug optional libopenjpip-dec-server-dbgsym_2.3.1-1ubuntu4.20.04.1_armhf.ddeb d75bfad56e77ebc4099a0822566f1625 14952 graphics optional libopenjpip-dec-server_2.3.1-1ubuntu4.20.04.1_armhf.deb 0f6bfd7023832a9891225fba684f7685 113844 debug optional libopenjpip-server-dbgsym_2.3.1-1ubuntu4.20.04.1_armhf.ddeb 2b795a40829a6fa2a646fa1696892f27 37232 graphics optional libopenjpip-server_2.3.1-1ubuntu4.20.04.1_armhf.deb 2f4c950915ccd22f878773593c8874e0 158532 debug optional libopenjpip7-dbgsym_2.3.1-1ubuntu4.20.04.1_armhf.ddeb e29489957d8dd14715d7f755a41e3384 43620 libs optional libopenjpip7_2.3.1-1ubuntu4.20.04.1_armhf.deb 35fd46095caf83709de51712aa7a4865 12335 libs optional openjpeg2_2.3.1-1ubuntu4.20.04.1_armhf.buildinfo Original-Maintainer: Debian PhotoTools Maintainers