FEDORA-EPEL-2020-4a9fc09599 created by smani 3 months ago for Fedora EPEL 7
unpushed

Backport patches for CVE-2020-27814, CVE-2020-27823, CVE-2020-27824, CVE-2020-27841, CVE-2020-27842, CVE-2020-27843, CVE-2020-27845, CVE-2020-6851, CVE-2020-8112.


This update fixes an incorrect unbundling of third-party libraries which resulted in the corresponding system libraries also not being used.

This update has been submitted for testing by smani.

3 months ago

This update's test gating status has been changed to 'ignored'.

3 months ago

This update's test gating status has been changed to 'waiting'.

3 months ago

This update has obsoleted openjpeg2-2.3.1-3.el7, and has inherited its bugs and notes.

3 months ago

This update's test gating status has been changed to 'ignored'.

3 months ago

This update has been pushed to testing.

3 months ago
tis commented & provided feedback 3 months ago

openjpeg2-2.3.1-3.el7_7 is in rhel7. Please remove this package from epel7. Unfixed issues can only be fixed in rhel7 and this package must be removed from epel7.

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

3 months ago

This update can be pushed to stable now if the maintainer wishes.

2 months ago

This update has been unpushed.



Metadata
Type: security
Severity: medium
Karma: -1
Signed
Content Type: RPM
Test Gating

Settings
Unstable by Karma: -3
Stable by Karma: disabled
Stable by Time: disabled

Dates
submitted: 3 months ago
in testing: 3 months ago

BZ#1757822 opj2_compress/opj2_decompress don't work with png/tiff images
BZ#1790515 CVE-2020-6851 openjpeg2: openjpeg: a heap-based buffer overflow in opj_t1_clbl_decode_processor in libopenjp2.so [epel-all]
BZ#1800537 CVE-2020-8112 openjpeg2: openjpeg: heap based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c [epel-all]
BZ#1901999 CVE-2020-27814 openjpeg2: openjpeg: Heap-buffer-overflow in lib/openjp2/mqc.c could result in DoS [epel-all]
BZ#1905726 CVE-2020-27824 openjpeg2: openjpeg: global-buffer-overflow read in lib-openjp2 [epel-all]
BZ#1906219 CVE-2020-27823 openjpeg2: openjpeg: Heap-buffer-overflow write in lib-openjp2 [epel-all]
BZ#1907672 CVE-2020-27841 openjpeg2: openjpeg: heap-based buffer overflows in lib/openjp2/pi.c [epel-7]
BZ#1907679 CVE-2020-27842 openjpeg2: openjpeg: null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c [epel-7]
BZ#1907685 CVE-2020-27843 openjpeg2: openjpeg: out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c [epel-7]
BZ#1907700 CVE-2020-27845 openjpeg2: openjpeg: heap-based buffer overflow in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c [epel-7]
BZ#1907702 CVE-2020-27845 openjpeg2: openjpeg: heap-based buffer overflow in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c [fedora-all]
