Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#16546 closed enhancement (fixed)

openjpeg-2.5.0

Reported by: Xi Ruoyao
Owned by: Bruce Dubbs
Priority: elevated
Milestone: 11.2
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New minor version.

Note that the possibly security-related issue (#16235) is still not fixed.

Change History (4)

comment:1 by Bruce Dubbs, 3 years ago

Owner: changed from blfs-book to Bruce Dubbs
Status: new → assigned

comment:2 by Bruce Dubbs, 3 years ago

OpenJPEG 2.5.0 (May 2022)

No API/ABI break compared to v2.4.0, but additional symbols for subset of components decoding (hence the MINOR version bump).

  • Encoder: add support for generation of TLM markers
  • Decoder: add support for high throughput (HTJ2K) decoding.
  • Decoder: add support for partial bitstream decoding
  • Bug fixes (including security fixes)

CVE-2021-29338 Detail Current Description

Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.

Rated medium severity.

https://nvd.nist.gov/vuln/detail/CVE-2021-29338

comment:3 by Bruce Dubbs, 3 years ago

Resolution: fixed
Status: assigned → closed

Fixed at commit 06333e609fdeff6f628dd0ffc2d744628847fc0c

Package updates.
    Update to zsh-5.9.
    Update to openjpeg-2.5.0.

comment:4 by Douglas R. Reno, 3 years ago

Priority: normal → elevated

Retroactively promote to High. I'll look at #16235 again later, there's a much more pressing issue to take care of.
