[Mageia-dev] Freeze push: openjpeg 1.5.0
luigiwalser at yahoo.com
Sat Apr 14 20:44:39 CEST 2012
Funda Wang wrote:
> Could somebody push openjpeg 1.5.0 into cauldron? It fixed
> CVE-2012-1499: The JPEG 2000 codec in OpenJPEG before 1.5 does not
> properly allocate memory during file parsing, which allows remote
> attackers to execute arbitrary code via a crafted file.
Funda, does a patch exist for this? Mageia 1 should be vulnerable to this.
More information about the Mageia-dev