There are several open security bugs in our package of OpenJPEG 2.3.0:

http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=openjpeg

`guix refresh -l openjpeg` reports that several thousand packages would
need to be rebuilt if we changed OpenJPEG, so we will need to fix these
bugs by cherry-picking the upstream bugfix patches in a grafted
replacement package.

If anyone is interested in doing the work and needs advice, please ask
for help :)

These are the CVE identifiers:

CVE-2017-17479
CVE-2018-5727
CVE-2018-5785
CVE-2018-6616
CVE-2018-7648
CVE-2018-14423
CVE-2018-16375
CVE-2018-16376
CVE-2018-17480
CVE-2018-18088