Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted openjpeg2 2.4.0-3+deb11u3 (source) into oldoldstable-security
Date: Thu, 21 May 2026 12:20:16 +0000
Signed by: Jochen Sprickerhof <jspricke@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 21 May 2026 13:26:50 +0200
Source: openjpeg2
Architecture: source
Version: 2.4.0-3+deb11u3
Distribution: bullseye-security
Urgency: high
Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>
Changed-By: Jochen Sprickerhof <jspricke@debian.org>
Changes:
 openjpeg2 (2.4.0-3+deb11u3) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * Fix CVE-2026-6192. A vulnerability was identified in uclouvain. This
     impacts the function opj_pi_initialise_encode in the library
     src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The
     attack must be carried out locally.
Checksums-Sha1:
 ac0ba3845e36bcaa1607f6fcfa2ff4320db7a8ae 2804 openjpeg2_2.4.0-3+deb11u3.dsc
 440a31d8a3dce22a6281946fb3d70aee25e1bd4a 1396964 openjpeg2_2.4.0.orig.tar.xz
 2fb482c3aa470d31a6e882c329b7409ab75c7e48 23256 openjpeg2_2.4.0-3+deb11u3.debian.tar.xz
 bdb67f18aa80b7f57f050d52eea435e479059d17 6828 openjpeg2_2.4.0-3+deb11u3_source.buildinfo
Checksums-Sha256:
 8fa987d58dc128e7e33627927e2b7c5ec46a528c1c3ce946733c21a8e56321bd 2804 openjpeg2_2.4.0-3+deb11u3.dsc
 4b89da8abea5ea4e8dd5b214f1633a492554d784b5aebc22cb6495a1e5fe681c 1396964 openjpeg2_2.4.0.orig.tar.xz
 577d605b94b98a9fe3f27d770c0d0d54cce1c31d3e0902a2389c685845b673a9 23256 openjpeg2_2.4.0-3+deb11u3.debian.tar.xz
 7f2de7d14b1cb5615b398da4955ac315325d54f586c04ed388bc574d93260f1f 6828 openjpeg2_2.4.0-3+deb11u3_source.buildinfo
Files:
 3985c36db33e5ba7f4ddc7b13b7da443 2804 libs optional openjpeg2_2.4.0-3+deb11u3.dsc
 763422d3efd5136c9b2bf7de4bd607b4 1396964 libs optional openjpeg2_2.4.0.orig.tar.xz
 88ad75828a640f5965e57403b80a164b 23256 libs optional openjpeg2_2.4.0-3+deb11u3.debian.tar.xz
 2e97d5ed6ef95558daebe89c1d854e42 6828 libs optional openjpeg2_2.4.0-3+deb11u3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEc7KZy9TurdzAF+h6W//cwljmlDMFAmoO9FgUHGpzcHJpY2tl
QGRlYmlhbi5vcmcACgkQW//cwljmlDOWUw//WU7otjLcDzvq9hbIsvatkAqb+FMM
Dv137V9oK5x0Q2MEMACneqBv1hHYCtuXiJiLkfLmG3JMhs4gPX9uku4ZGRY8a8Z8
aBFSqDImhY7h3IcAXlkc7MHCdXGk+D96pJPm7TziqGsa0k46K2dDkyEuK0fBV+0q
IP9ShPzir2J4sFLI6lekPiYXxMTPhUrGbdSD38zZzEF3OTJSHKN0mbhpjv7WSjEe
k/ikLV9aC5PoDvIN2MRsa7zDrtnFNYXUVEDx8dw5ZLHjA0cfj0w/6kHYsEGnrZxL
IuG6qd7N9yTvett1T5h3Nw5ktOZyQ9oHIeuxBrCnxuHCUfch8VyKxJEka1tU/yBU
E0G1kvsrYyWC6xcYgsKoA0AARCrSXjZxT0QE8OXZhkB8bxfE3B0imI1lJjA1wLb6
MU4mKTwGcw/izf5MrtSzlaB9pIamqkwgRvtGxxvWrn4+m7i/+VpH7tkg3MdRPQtJ
+KlDbOOP1vO/xYUxT/1UlhdX5rNqTMdfyu4k1jgJU2cBAiQE3te+VaxQ9Q9HCUYY
0p8SgNS0SmZbxinuVbVa95H9movLj8tsJoAzojeKEl6PDDvl0ypdI0CdA4w+7JPm
ThgNEOn7ir5TmYadTcNqohpiDLgE0misRGxM8nfidxV1ziFvwtF8YuoDugJzyTC3
Zl6JiBykELXMmzQ=
=au1g
-----END PGP SIGNATURE-----

News for package openjpeg2