Debian Bug report logs -
#722540
openjpeg: CVE-2013-4289 CVE-2013-4290
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>
:
Bug#722540
; Package openjpeg
.
(Thu, 12 Sep 2013 06:03:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@inutil.org>
:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>
.
(Thu, 12 Sep 2013 06:03:06 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: openjpeg
Severity: grave
Tags: security
Justification: user security hole
Please see http://seclists.org/oss-sec/2013/q3/593
Patches are not yet available.
Cheers,
Moritz
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>
:
Bug#722540
; Package openjpeg
.
(Sun, 12 Jan 2014 20:51:13 GMT) (full text, mbox, link).
Acknowledgement sent
to Arne Wichmann <aw@anhrefn.saar.de>
:
Extra info received and forwarded to list. Copy sent to Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>
.
(Sun, 12 Jan 2014 20:51:14 GMT) (full text, mbox, link).
Message #10 received at 722540@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi.
Is there any progress on this bug? This grave issue is now open for three
months.
cu
AW
--
[...] If you don't want to be restricted, don't agree to it. If you are
coerced, comply as much as you must to protect yourself, just don't support
it. Noone can free you but yourself. (crag, on Debian Planet)
Arne Wichmann (aw@linux.de)
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>
:
Bug#722540
; Package openjpeg
.
(Mon, 17 Mar 2014 09:54:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Mathieu Malaterre <malat@debian.org>
:
Extra info received and forwarded to list. Copy sent to Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>
.
(Mon, 17 Mar 2014 09:54:05 GMT) (full text, mbox, link).
Message #15 received at 722540@bugs.debian.org (full text, mbox, reply):
Control: found -1 1.5.1-2
Since bug is found within OpenJP3D code, there is no chance it can
impact version in stable (openjp3d is not even present as source).
Marked as found in versions 1.5.1-2.
Request was from Mathieu Malaterre <malat@debian.org>
to 722540-submit@bugs.debian.org
.
(Mon, 17 Mar 2014 09:54:05 GMT) (full text, mbox, link).
Reply sent
to Mathieu Malaterre <malat@debian.org>
:
You have taken responsibility.
(Tue, 18 Mar 2014 14:57:05 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@inutil.org>
:
Bug acknowledged by developer.
(Tue, 18 Mar 2014 14:57:05 GMT) (full text, mbox, link).
Message #24 received at 722540-done@bugs.debian.org (full text, mbox, reply):
Control: tag -1 wontfix
Control: notfound -1 1.5.1-2
Actually the JP3D code is not part of the binary package. So this CVE
only affect source code that is not compiled on debian packages.
I have forwarded this upstream, and will work on having it fix.
Meanwhile I am closing this since it does not impact debian package at
all.
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Wed, 16 Apr 2014 07:28:15 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:37:47 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.