CVE-2015-6581: Double free vulnerability in opj_j2k_copy_default_tcp_and_create_tcd

Debian Bug report logs - #800453
CVE-2015-6581: Double free vulnerability in opj_j2k_copy_default_tcp_and_create_tcd

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Raphael Hertzog <hertzog@debian.org>

To: submit@bugs.debian.org

Subject: CVE-2015-6581: Double free vulnerability in opj_j2k_copy_default_tcp_and_create_tcd

Date: Tue, 29 Sep 2015 17:57:42 +0200

Package: openjpeg2
Severity: important
Tags: security patch
Version: 2.1.0-2

Hi,

the following vulnerability was published for openjpeg2.

CVE-2015-6581[0]:
| Double free vulnerability in the
| opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG
| before r3002, as used in PDFium in Google Chrome before 45.0.2454.85,
| allows remote attackers to execute arbitrary code or cause a denial of
| service (heap memory corruption) by triggering a memory-allocation
| failure.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-6581
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6581

jessie is affected as 

The upstream fix is here:
https://github.com/uclouvain/openjpeg/commit/0fa5a17c98c4b8f9ee2286f4f0a50cf52a5fccb0

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

Message #12 received at 800453-close@bugs.debian.org (full text, mbox, reply):

From: Mathieu Malaterre <malat@debian.org>

To: 800453-close@bugs.debian.org

Subject: Bug#800453: fixed in openjpeg2 2.1.1-1

Date: Mon, 11 Jul 2016 07:48:35 +0000

Source: openjpeg2
Source-Version: 2.1.1-1

We believe that the bug you reported is fixed in the latest version of
openjpeg2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 800453@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mathieu Malaterre <malat@debian.org> (supplier of updated openjpeg2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 11 Jul 2016 09:28:19 +0200
Source: openjpeg2
Binary: libopenjp2-7-dev libopenjp2-7 libopenjpip7 libopenjp3d7 libopenjp2-7-dbg libopenjpip-dec-server libopenjpip-viewer libopenjpip-server libopenjp3d-tools libopenjp2-tools
Architecture: source
Version: 2.1.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>
Changed-By: Mathieu Malaterre <malat@debian.org>
Description:
 libopenjp2-7 - JPEG 2000 image compression/decompression library
 libopenjp2-7-dbg - debug symbols for libopenjp2-7, a JPEG 2000 image library
 libopenjp2-7-dev - development files for OpenJPEG, a JPEG 2000 image library
 libopenjp2-tools - command-line tools using the JPEG 2000 library
 libopenjp3d-tools - command-line tools using the JPEG 2000 - 3D library
 libopenjp3d7 - JP3D (JPEG 2000 / Part 10) image compression/decompression librar
 libopenjpip-dec-server - tool to allow caching of JPEG 2000 files using JPIP protocol
 libopenjpip-server - JPIP server for JPEG 2000 files
 libopenjpip-viewer - JPEG 2000 java based viewer for advanced remote JPIP access
 libopenjpip7 - JPEG 2000 Interactive Protocol
Closes: 772889 784377 787383 800149 800453 818399 820190 822577 829734
Changes:
 openjpeg2 (2.1.1-1) unstable; urgency=medium
 .
   * New upstream. Closes: #829734
     + d/watch points toward github now
     + Fix man page typos. Closes: #772889, #784377
     + Raise priority to optional. Closes: #822577
     + Fix multiple CVEs: Closes: #800453, #800149, #818399
   * Fix pc file. Closes: #787383
   * Remove reference to contrib. Closes: #820190
   * Bump Std-Vers to 3.9.8, no changes needed
Checksums-Sha1:
 591f57eca2f6c14f3533d3eeee9ebdf91307bb6a 2745 openjpeg2_2.1.1-1.dsc
 b995742c41abe58828d72ffec52404ec91111194 1984111 openjpeg2_2.1.1.orig.tar.gz
 36418e6ee0ff229fe2ddd369fb6fbb203526005d 19520 openjpeg2_2.1.1-1.debian.tar.xz
Checksums-Sha256:
 5ae3c3a55b5ac4016aa4b119c13609af2f954d4765dbd21d7d49d381fe89663e 2745 openjpeg2_2.1.1-1.dsc
 82c27f47fc7219e2ed5537ac69545bf15ed8c6ba8e6e1e529f89f7356506dbaa 1984111 openjpeg2_2.1.1.orig.tar.gz
 b7b43c2a23d4719009dc8cc7cad01faff779d7f7ab11ae1a9c6293dbd54f00f1 19520 openjpeg2_2.1.1-1.debian.tar.xz
Files:
 c9e4cda2d708ff2053242d4dfc308291 2745 libs optional openjpeg2_2.1.1-1.dsc
 0cc4b2aee0a9b6e9e21b7abcd201a3ec 1984111 libs optional openjpeg2_2.1.1.orig.tar.gz
 e870c7e4846c8db878e8104de6cb6e3c 19520 libs optional openjpeg2_2.1.1-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJXg0q9AAoJEAFx4YKK4JNFXGEP/1YjZoMLtxFADHNyZdCWfaHn
ADbvTRb9gpA/XB3NNj/9hRGjZoAfRFjVo9WwNBxA+caCZ/JGZGLOfsL6fSW4Cgxh
t0VolwsocDy1j7912hBBdrod/j5ho9ALewUVONBqNoFhnIieRy/bP9b02pmmdquV
zk97+ljWdpiVQIsy3/W3F/KcsGDLZnKjS+ILFOTru+YfthVUWn3boGq2JUlwHAUH
2PyOfWCoQqRW+ZHtPT5+Cp3poz1xa3PDFn7eON0BLZHVfyH9ImjW4U6HkFlpo3Mj
G4ds2bnkP9Er9HUtT6CV326hyomGG152pWqRmBZM0LuE1+HTGdUx/SZsnom/kegM
I4lqK8o9ybExtF8BrtnUu8UbG1mvHDdSaRzuBHr3IZCfFDTiMIn6S1y9/IiNdWaP
hQcTbb5tDhexZU81NSQG6WxnmmBWmqxEdvlCpMgMAUWc+uDl+r/4G46MDMa6Ekv5
oDJL2MI78xDgX3B3w5vLtGoD22BRvXLvLLCmNm/P3/DJmSMtBqk0eQlwc4mOBh6O
1xFtQdNA+o2uvhq3LLR0acBLhDEruCHVORd+qpxusXwFktvJpkwNGDYLtevH81yj
B+FTHFJH7cKk/0dkqO+LiYlZqM2sfxYn0VtooDF/xrsg7VqV+tjetm93CpGWdAm5
pZAxKNbz8D3BCt1cNVXv
=ObLW
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.