Format: 1.8 Date: Wed, 06 Jan 2021 09:44:46 -0500 Source: openjpeg2 Binary: libopenjp2-7 libopenjp2-7-dev libopenjp2-tools libopenjp3d-tools libopenjp3d7 libopenjpip-dec-server libopenjpip-server libopenjpip7 Architecture: armhf Version: 2.3.1-1ubuntu4.20.10.1 Distribution: groovy Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libopenjp2-7 - JPEG 2000 image compression/decompression library libopenjp2-7-dev - development files for OpenJPEG, a JPEG 2000 image library libopenjp2-tools - command-line tools using the JPEG 2000 library libopenjp3d-tools - command-line tools using the JPEG 2000 - 3D library libopenjp3d7 - JP3D (JPEG 2000 / Part 10) image compression/decompression librar libopenjpip-dec-server - tool to allow caching of JPEG 2000 files using JPIP protocol libopenjpip-server - JPIP server for JPEG 2000 files libopenjpip7 - JPEG 2000 Interactive Protocol Changes: openjpeg2 (2.3.1-1ubuntu4.20.10.1) groovy-security; urgency=medium . * SECURITY UPDATE: use-after-free via directory - debian/patches/CVE-2020-15389.patch: fix double-free on input directory with mix of valid and invalid images in src/bin/jp2/opj_decompress.c. - CVE-2020-15389 * SECURITY UPDATE: heap-buffer-overflow - debian/patches/CVE-2020-27814-1.patch: grow buffer size in src/lib/openjp2/tcd.c. - debian/patches/CVE-2020-27814-2.patch: grow it again - debian/patches/CVE-2020-27814-3.patch: and some more - debian/patches/CVE-2020-27814-4.patch: bigger, BIGGER!!! - CVE-2020-27814 * SECURITY UPDATE: heap-buffer-overflow write - debian/patches/CVE-2020-27823.patch: fix wrong computation in src/bin/jp2/convertpng.c. - CVE-2020-27823 * SECURITY UPDATE: global-buffer-overflow - debian/patches/CVE-2020-27824.patch: avoid global buffer overflow on irreversible conversion when too many decomposition levels are specified in src/lib/openjp2/dwt.c. - CVE-2020-27824 * SECURITY UPDATE: out-of-bounds read - debian/patches/CVE-2020-27841.patch: add extra checks to src/lib/openjp2/pi.c, src/lib/openjp2/pi.h, src/lib/openjp2/t2.c. - CVE-2020-27841 * SECURITY UPDATE: null pointer dereference - debian/patches/CVE-2020-27842.patch: add check to src/lib/openjp2/t2.c. - CVE-2020-27842 * SECURITY UPDATE: out-of-bounds read - debian/patches/CVE-2020-27843.patch: add check to src/lib/openjp2/t2.c. - CVE-2020-27843 * SECURITY UPDATE: out-of-bounds read - debian/patches/CVE-2020-27845.patch: add extra checks to src/lib/openjp2/pi.c. - CVE-2020-27845 Checksums-Sha1: 26ecd50979f2d6d07f8964d4ba08aecd51e22f10 460860 libopenjp2-7-dbgsym_2.3.1-1ubuntu4.20.10.1_armhf.ddeb 77307e08b9b4e08b848a367731159505a5c8ebf2 26744 libopenjp2-7-dev_2.3.1-1ubuntu4.20.10.1_armhf.deb 80c78d2bab4100e58a30b29a27fa4d3f230c8d8e 123852 libopenjp2-7_2.3.1-1ubuntu4.20.10.1_armhf.deb 771078ba57c067889a6bdc499fbafff666843e38 437332 libopenjp2-tools-dbgsym_2.3.1-1ubuntu4.20.10.1_armhf.ddeb ae9331b06fcce61eeb360af627db1ed919239b47 75320 libopenjp2-tools_2.3.1-1ubuntu4.20.10.1_armhf.deb c8d80dce7ef00d63d7e0ee82c350118b6df92bfb 76160 libopenjp3d-tools-dbgsym_2.3.1-1ubuntu4.20.10.1_armhf.ddeb 0ca4eed7b6bdd8146fe271acc478c067723646c9 27284 libopenjp3d-tools_2.3.1-1ubuntu4.20.10.1_armhf.deb 6338b45b9fd93bdf882f9c2f67fe7458043f5a61 199224 libopenjp3d7-dbgsym_2.3.1-1ubuntu4.20.10.1_armhf.ddeb 5e7ac520287cc776dcb606a40789b11eca8f5558 63360 libopenjp3d7_2.3.1-1ubuntu4.20.10.1_armhf.deb 6b8ecdcb2d4d604ab5295fc9f688996a44b7b227 21384 libopenjpip-dec-server-dbgsym_2.3.1-1ubuntu4.20.10.1_armhf.ddeb 9ce2de1e67e4d2a02009e1693dc12b011e9ec1ce 14960 libopenjpip-dec-server_2.3.1-1ubuntu4.20.10.1_armhf.deb 8f3741b204b4a16f9f4d621af27374ee9dd690de 111732 libopenjpip-server-dbgsym_2.3.1-1ubuntu4.20.10.1_armhf.ddeb c055646a728803add5ed3582c122930c7507f5c4 37176 libopenjpip-server_2.3.1-1ubuntu4.20.10.1_armhf.deb b585d8eecf52155bb4a6e63bfd47d58c2a282070 156004 libopenjpip7-dbgsym_2.3.1-1ubuntu4.20.10.1_armhf.ddeb cb722dc4b2c0e34f835aa4c03c99c225d8c9b6f4 43420 libopenjpip7_2.3.1-1ubuntu4.20.10.1_armhf.deb 7c7a1ac082c3abd1e1d2c997492411e4cab9a68c 12393 openjpeg2_2.3.1-1ubuntu4.20.10.1_armhf.buildinfo Checksums-Sha256: d24863bea7cdb7238760e69581b6c9fbd44088962aa73adf2ca596490e8b5f00 460860 libopenjp2-7-dbgsym_2.3.1-1ubuntu4.20.10.1_armhf.ddeb 48e0663c6181a08ebe08d3592151909908b7c47befa8a062aad1da9912e495e2 26744 libopenjp2-7-dev_2.3.1-1ubuntu4.20.10.1_armhf.deb 0b0e742bcb28279e98a5ef0c7167a45dc719cc87c95a92281a419c7b41bb474a 123852 libopenjp2-7_2.3.1-1ubuntu4.20.10.1_armhf.deb 4e91bbc32f8724b6d3c3c6301ec949057c5fce047ac0df5ba7e9c567e7c489d0 437332 libopenjp2-tools-dbgsym_2.3.1-1ubuntu4.20.10.1_armhf.ddeb 94b53ed914d73a6c97fb62b7be4c8f43896999fe70e326a1c6937f0e8a69a480 75320 libopenjp2-tools_2.3.1-1ubuntu4.20.10.1_armhf.deb ca2622fd401653bf9bd74509de14e7a89b438aa3b629718c313f71b8b14548a9 76160 libopenjp3d-tools-dbgsym_2.3.1-1ubuntu4.20.10.1_armhf.ddeb b6ae23a29346fd0ffe94ec439d3627e4006da221b84b5c58715c817da47b378b 27284 libopenjp3d-tools_2.3.1-1ubuntu4.20.10.1_armhf.deb 1c790fd972e976f3cc80afc0cbbb018f8302aef1cccfd586c4e3404a2e2f93e4 199224 libopenjp3d7-dbgsym_2.3.1-1ubuntu4.20.10.1_armhf.ddeb 5220d05d8c80cd9ff5aad61ba321a7d032a3a846a14cb15f4152881086b85372 63360 libopenjp3d7_2.3.1-1ubuntu4.20.10.1_armhf.deb 9a3389435e5c5f54e77b31c056af62cddf45eed21aa142491916d3e0e7ecd51e 21384 libopenjpip-dec-server-dbgsym_2.3.1-1ubuntu4.20.10.1_armhf.ddeb 1d00503222866da1ba235eff38f1a85046200ed206e2df368e06a435c5b55b1c 14960 libopenjpip-dec-server_2.3.1-1ubuntu4.20.10.1_armhf.deb 86248d1a3589433470fc350302bb22485cd43eadaa6dbe6bdc99e5e8993c1b1c 111732 libopenjpip-server-dbgsym_2.3.1-1ubuntu4.20.10.1_armhf.ddeb 3ff5fcdcde30a990573cbadff80dab0be27901decc08966c5cbfde077b1f5851 37176 libopenjpip-server_2.3.1-1ubuntu4.20.10.1_armhf.deb bb5b1a66d6c568e2268b8f2036300dc0227247448516e1989ddff4e03e8df12e 156004 libopenjpip7-dbgsym_2.3.1-1ubuntu4.20.10.1_armhf.ddeb becf38575d098f44d3569ed3f6bd1d6f9d04bb2587b61c48cfa44d8b2b866b43 43420 libopenjpip7_2.3.1-1ubuntu4.20.10.1_armhf.deb e26e1c621ee2bb440d1f17f4e9fdcbbef104f0bb58190ef8dd1f0018287a2c0d 12393 openjpeg2_2.3.1-1ubuntu4.20.10.1_armhf.buildinfo Files: 20ea5fb4962e820822c3097b555758e0 460860 debug optional libopenjp2-7-dbgsym_2.3.1-1ubuntu4.20.10.1_armhf.ddeb 31292b7c742cef14e364c23dd1956ad2 26744 libdevel optional libopenjp2-7-dev_2.3.1-1ubuntu4.20.10.1_armhf.deb c5093746984e7c1caabcb5cd76849641 123852 libs optional libopenjp2-7_2.3.1-1ubuntu4.20.10.1_armhf.deb d9acd67d3d1385bd10e176934ec0349b 437332 debug optional libopenjp2-tools-dbgsym_2.3.1-1ubuntu4.20.10.1_armhf.ddeb f6be8027e265f169f75b4e6c6516a849 75320 graphics optional libopenjp2-tools_2.3.1-1ubuntu4.20.10.1_armhf.deb 8f598e0eeabbbe3fcb6799953e767088 76160 debug optional libopenjp3d-tools-dbgsym_2.3.1-1ubuntu4.20.10.1_armhf.ddeb 82797abb6179a0d0036706cd6e4b4904 27284 graphics optional libopenjp3d-tools_2.3.1-1ubuntu4.20.10.1_armhf.deb 40edbda5a46e380611b252143952773d 199224 debug optional libopenjp3d7-dbgsym_2.3.1-1ubuntu4.20.10.1_armhf.ddeb 5434fb39ca991083f266005063b073aa 63360 libs optional libopenjp3d7_2.3.1-1ubuntu4.20.10.1_armhf.deb a487a693ae9fbbc7b22eb8943ceb508f 21384 debug optional libopenjpip-dec-server-dbgsym_2.3.1-1ubuntu4.20.10.1_armhf.ddeb 2f2d4fbb9d3cfe3d73f43b8b37b17fda 14960 graphics optional libopenjpip-dec-server_2.3.1-1ubuntu4.20.10.1_armhf.deb 6552ad885a25c71a68166c4e0d5c5ca3 111732 debug optional libopenjpip-server-dbgsym_2.3.1-1ubuntu4.20.10.1_armhf.ddeb c0d32d00a239dbe52e11093b0ff581ef 37176 graphics optional libopenjpip-server_2.3.1-1ubuntu4.20.10.1_armhf.deb 090958a77312dd19d01cbd42abd229f3 156004 debug optional libopenjpip7-dbgsym_2.3.1-1ubuntu4.20.10.1_armhf.ddeb b3c447809224739116827eb1ba9d0d20 43420 libs optional libopenjpip7_2.3.1-1ubuntu4.20.10.1_armhf.deb bdff8fff4de19f7a5164f206f217f7be 12393 libs optional openjpeg2_2.3.1-1ubuntu4.20.10.1_armhf.buildinfo Original-Maintainer: Debian PhotoTools Maintainers