unofficial mirror of bug-guix@gnu.org 
 help / color / mirror / code / Atom feed
* bug#33924: OpenJPEG security issues
@ 2018-12-30 17:41 Leo Famulari
  2019-04-24 16:41 ` Marius Bakke
  0 siblings, 1 reply; 2+ messages in thread
From: Leo Famulari @ 2018-12-30 17:41 UTC (permalink / raw)
  To: 33924

[-- Attachment #1: Type: text/plain, Size: 622 bytes --]

There are several open security bugs in our package of OpenJPEG 2.3.0:

http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=openjpeg

`guix refresh -l openjpeg` reports that several thousand packages would
need to be rebuilt if we changed OpenJPEG, so we will need to fix these
bugs by cherry-picking the upstream bugfix patches in a grafted
replacement package.

If anyone is interested in doing the work and needs advice, please ask
for help :)

These are the CVE identifiers:

CVE-2017-17479
CVE-2018-5727
CVE-2018-5785
CVE-2018-6616
CVE-2018-7648
CVE-2018-14423
CVE-2018-16375
CVE-2018-16376
CVE-2018-17480
CVE-2018-18088

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread
* bug#33924: OpenJPEG security issues
  2018-12-30 17:41 bug#33924: OpenJPEG security issues Leo Famulari
@ 2019-04-24 16:41 ` Marius Bakke
  0 siblings, 0 replies; 2+ messages in thread
From: Marius Bakke @ 2019-04-24 16:41 UTC (permalink / raw)
  To: Leo Famulari, 33924-done

[-- Attachment #1: Type: text/plain, Size: 779 bytes --]

Leo Famulari <leo@famulari.name> writes:

> There are several open security bugs in our package of OpenJPEG 2.3.0:
>
> http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=openjpeg
>
> `guix refresh -l openjpeg` reports that several thousand packages would
> need to be rebuilt if we changed OpenJPEG, so we will need to fix these
> bugs by cherry-picking the upstream bugfix patches in a grafted
> replacement package.
>
> If anyone is interested in doing the work and needs advice, please ask
> for help :)
>
> These are the CVE identifiers:
>
> CVE-2017-17479
> CVE-2018-5727
> CVE-2018-5785
> CVE-2018-6616
> CVE-2018-7648
> CVE-2018-14423
> CVE-2018-16375
> CVE-2018-16376
> CVE-2018-17480
> CVE-2018-18088

I believe commit 0e2b0b05accdea7c3f016f8483d0ec04021114d3 fixed these.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-04-24 16:57 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-12-30 17:41 bug#33924: OpenJPEG security issues Leo Famulari
2019-04-24 16:41 ` Marius Bakke

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).