Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted openjpeg2 2.4.0-3+deb11u1 (source) into oldstable-security
Date: Tue, 01 Apr 2025 20:50:21 +0000
Signed by: Markus Koschany <apo@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue,  1 Apr 2025 22:31:05 CEST
Source: openjpeg2
Architecture: source
Version: 2.4.0-3+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
 3a69aca7aaa40dede2548193ccf0c9de5c0b7058 2926 openjpeg2_2.4.0-3+deb11u1.dsc
 440a31d8a3dce22a6281946fb3d70aee25e1bd4a 1396964 openjpeg2_2.4.0.orig.tar.xz
 b23a91d12c09daf01fed5e5643583792a4b7fb67 22404 openjpeg2_2.4.0-3+deb11u1.debian.tar.xz
 6ab5db3521679898c676e0b5de7b5a7bcd555ddf 18015 openjpeg2_2.4.0-3+deb11u1_amd64.buildinfo
Checksums-Sha256:
 19a42e724086f64ce9cb179e82ac5b8856cef38f4ee75a60a880b15b05878f23 2926 openjpeg2_2.4.0-3+deb11u1.dsc
 4b89da8abea5ea4e8dd5b214f1633a492554d784b5aebc22cb6495a1e5fe681c 1396964 openjpeg2_2.4.0.orig.tar.xz
 1369e583bdd0df341b7d2abb3177020f0d3d7db150a004d61d0364f309ae0769 22404 openjpeg2_2.4.0-3+deb11u1.debian.tar.xz
 8dfabd414ad709b6fd57374c81bf01baf93e22d680aa2533c2044c6cb791ca13 18015 openjpeg2_2.4.0-3+deb11u1_amd64.buildinfo
Changes:
 openjpeg2 (2.4.0-3+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2021-3575, CVE-2021-29338, CVE-2022-1122, CVE-2024-56826
     and CVE-2024-56827. Partially mitigate CVE-2023-39327.
     Several security vulnerabilities have been discovered in openjpeg2, a JPEG
     2000 image library. Processing of maliciously crafted image files may
     trigger heap-based buffer overflows which may lead to an application crash
     or other undefined behavior.
Files:
 35dd56d3b0df246f183d036f9f57f2bc 2926 libs optional openjpeg2_2.4.0-3+deb11u1.dsc
 763422d3efd5136c9b2bf7de4bd607b4 1396964 libs optional openjpeg2_2.4.0.orig.tar.xz
 e7a6ea28ba083f44845e61ebaa7275e5 22404 libs optional openjpeg2_2.4.0-3+deb11u1.debian.tar.xz
 e9d3411650b8ca58cef68a108b9c99f9 18015 libs optional openjpeg2_2.4.0-3+deb11u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmfsTipfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HknJwP/RDaEZa9CD1LjHhodv+Og1uJ7nem2+oQ9qCS
bDndOygQWwnsdebe2AnZeWrELyEUTfiqo1ZL1Zx8vGV4jsyQFDZ9bOC+/AwR9ZUu
QDOHF2rurMb9m0MBpqSF9+k3RW1E9uN+Lk/0dbcBhjblJmaIDUxQ7W9hCf07ly49
gHNRA25MPIeSfKlOoNCLt23UPkRJJm99Ikr9T38twzS3ZuPxIcFCyCglFp5f08c7
qD5LlQViCOcaQO4GHcN7rvFn36f/EXdBTHMbLYV83zJbeSUJMe9jAlHeWThZJ6g4
UGocct1fpKH8tlA68wZWkOP20R3nhq+ol/IyNVh3PnRnqCwBlxswN2EX7jE+tHE0
kfseFsUCYGfI64pub7vBlwEJeyTmaLNuC7v4ar0Qn1egtdy9+jF1UwKa3LnnYT0/
m3xOBtJtxCbWZWRJZH3YRAVmcSL2w182U29Po7NKJr+BKlT09RcPXC40bUe0BxAO
TWiiSq3KU0WUA176PyI1IzRYuvXrBUJ0rm2TcSlT0KJYfcS54j1hWyIvLtK/juB2
Y1ADc2y6kYCkCBWDZ99CbTkiccYy1Fcn/1Fto2jvz/HJLmQAtzgb450eG4OC6+kW
cMdbGmY5kPc68uibgvaQl1mnEbpD8slAV5FYKdh6sJ/H5sqPN93liWWz/tGk9sSD
PJ8DJr9L
=N01H
-----END PGP SIGNATURE-----

News for package openjpeg2