[Mageia-dev] Freeze push: openjpeg 1.5.0

nicolas vigier boklm at mars-attacks.org
Fri Apr 13 15:36:23 CEST 2012

On Thu, 12 Apr 2012, Funda Wang wrote:

> Hello,
> Could somebody push openjpeg 1.5.0 into cauldron? It fixed
> CVE-2012-1499: The JPEG 2000 codec in OpenJPEG before 1.5 does not
> properly allocate memory during file parsing, which allows remote
> attackers to execute arbitrary code via a crafted file.

Submitted by ennael.

More information about the Mageia-dev mailing list