[Mageia-dev] Freeze push: openjpeg 1.5.0

David Walser luigiwalser at yahoo.com
Fri May 11 03:08:03 CEST 2012


David Walser wrote:
> David Walser wrote:
>> Funda Wang wrote:
>>> Hello,
>>> 
>>> Could somebody push openjpeg 1.5.0 into cauldron? It fixed
>>> CVE-2012-1499: The JPEG 2000 codec in OpenJPEG before 1.5 does not
>>> properly allocate memory during file parsing, which allows remote
>>> attackers to execute arbitrary code via a crafted file.
>>> 
>>> Thanks.
>> 
>> Funda, does a patch exist for this?  Mageia 1 should be vulnerable to this.
> 
> Funda, do you know what upstream commit(s) fixes this?

Just in case anyone was wondering, upstream commits 1330 and 1331 fix this, but only version 1.4 was vulnerable.  1.3 (in Mageia 1) is not.


