openjpeg: CVE-2013-4289 CVE-2013-4290

Related Vulnerabilities: CVE-2013-4289   CVE-2013-4290  

Debian Bug report logs - #722540

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Thu, 12 Sep 2013 06:03:02 UTC

Severity: grave

Tags: security

Found in version 1.5.1-2

Done: Mathieu Malaterre <malat@debian.org>

Bug is archived. No further changes may be made.

Forwarded to http://code.google.com/p/openjpeg/issues/detail?id=298


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>:
Bug#722540; Package openjpeg. (Thu, 12 Sep 2013 06:03:06 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>. (Thu, 12 Sep 2013 06:03:06 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: openjpeg: CVE-2013-4289 CVE-2013-4290
Date: Thu, 12 Sep 2013 07:56:27 +0200
Package: openjpeg
Severity: grave
Tags: security
Justification: user security hole

Please see http://seclists.org/oss-sec/2013/q3/593

Patches are not yet available.

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>:
Bug#722540; Package openjpeg. (Sun, 12 Jan 2014 20:51:13 GMT).


Acknowledgement sent to Arne Wichmann <aw@anhrefn.saar.de>:
Extra info received and forwarded to list. Copy sent to Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>. (Sun, 12 Jan 2014 20:51:14 GMT).


Message #10 received at 722540@bugs.debian.org:

From: Arne Wichmann <aw@anhrefn.saar.de>
To: 722540@bugs.debian.org
Subject: Ping: CVE-2013-4289 CVE-2013-4290
Date: Sun, 12 Jan 2014 21:12:41 +0100
Hi.

Is there any progress on this bug? This grave issue has now been open for three
months.

cu

AW
-- 
[...] If you don't want to be restricted, don't agree to it. If you are
coerced, comply as much as you must to protect yourself, just don't support
it. No one can free you but yourself. (crag, on Debian Planet)
Arne Wichmann (aw@linux.de)

Information forwarded to debian-bugs-dist@lists.debian.org, Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>:
Bug#722540; Package openjpeg. (Mon, 17 Mar 2014 09:54:05 GMT).


Acknowledgement sent to Mathieu Malaterre <malat@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>. (Mon, 17 Mar 2014 09:54:05 GMT).


Message #15 received at 722540@bugs.debian.org:

From: Mathieu Malaterre <malat@debian.org>
To: 722540@bugs.debian.org
Date: Mon, 17 Mar 2014 10:51:59 +0100
Control: found -1 1.5.1-2

Since the bug is found within the OpenJP3D code, there is no chance it can
impact the version in stable (openjp3d is not even present as source).



Marked as found in versions 1.5.1-2. Request was from Mathieu Malaterre <malat@debian.org> to 722540-submit@bugs.debian.org. (Mon, 17 Mar 2014 09:54:05 GMT).


Set Bug forwarded-to-address to 'http://code.google.com/p/openjpeg/issues/detail?id=298'. Request was from Mathieu Malaterre <malat@debian.org> to control@bugs.debian.org. (Mon, 17 Mar 2014 10:09:14 GMT).


Reply sent to Mathieu Malaterre <malat@debian.org>:
You have taken responsibility. (Tue, 18 Mar 2014 14:57:05 GMT).


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Tue, 18 Mar 2014 14:57:05 GMT).


Message #24 received at 722540-done@bugs.debian.org:

From: Mathieu Malaterre <malat@debian.org>
To: 722540-done@bugs.debian.org
Date: Tue, 18 Mar 2014 15:46:57 +0100
Control: tag -1 wontfix
Control: notfound -1 1.5.1-2

Actually the JP3D code is not part of the binary package. So this CVE
only affects source code that is not compiled in the Debian packages.

I have forwarded this upstream, and will work on having it fixed.
Meanwhile I am closing this since it does not impact the Debian package at
all.



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 16 Apr 2014 07:28:15 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:37:47 2019; Machine Name: buxtehude
