Debian Package Tracker

general

source: openjpeg2 (main)
version: 2.3.0-1.1
maintainer: Debian PhotoTools Maintainers (archive) [DMD]
uploaders: Mathieu Malaterre [DMD]
arch: all any
std-ver: 4.1.0
VCS: Subversion (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 2.1.0-2+deb8u3
old-sec: 2.1.0-2+deb8u6
stable: 2.1.2-1.1+deb9u2
stable-sec: 2.1.2-1.1+deb9u2
testing: 2.3.0-1.1
unstable: 2.3.0-1.1

versioned links

2.1.0-2+deb8u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.1.0-2+deb8u6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.1.2-1.1+deb9u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.3.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.3.0-1.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libopenjp2-7
libopenjp2-7-dev
libopenjp2-tools
libopenjp3d-tools
libopenjp3d7
libopenjpip-dec-server
libopenjpip-server
libopenjpip-viewer
libopenjpip7

action needed

Failed to analyze the VCS repository. Please troubleshoot and fix the issue. high

vcswatch reports that there is an error with this package's VCS, or the debian/changelog file inside it. Please check the error shown below and try to fix it. You might have to update the VCS URL in the debian/control file to point to the correct repository.

svn: E170013: Unable to connect to a repository at URL 'svn://anonscm.debian.org/collab-maint/deb-maint/openjpeg2/trunk/debian' svn: E000111: Can't connect to host 'anonscm.debian.org': Connection refused

Created: 2017-12-03 Last update: 2019-01-18 15:30

7 security issues in stretch high

There are 7 open security issues in stretch.

4 important issues:

CVE-2018-6616: In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
CVE-2017-17480: In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
CVE-2018-5727: In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
CVE-2018-5785: In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

3 issues skipped by the security teams:

CVE-2018-14423: Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).
CVE-2016-9112: Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.
CVE-2018-18088: OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c

Please fix them.

Created: 2016-09-08 Last update: 2018-12-22 14:51

5 security issues in jessie high

There are 5 open security issues in jessie.

1 important issue:

CVE-2018-5727: In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

4 issues skipped by the security teams:

CVE-2016-9112: Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.
CVE-2016-1923: Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.
CVE-2016-3183: The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file.
CVE-2014-7947: OpenJPEG before r2944, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, pi.c, t1.c, t2.c, and tcd.c.

Please fix them.

Created: 2015-09-15 Last update: 2018-12-22 14:51

6 security issues in buster high

There are 6 open security issues in buster.

6 important issues:

CVE-2017-17480: In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
CVE-2018-5727: In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
CVE-2018-5785: In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
CVE-2018-6616: In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
CVE-2018-14423: Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).
CVE-2018-18088: OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c

Please fix them.

Created: 2017-12-09 Last update: 2018-12-22 14:51

6 security issues in sid high

There are 6 open security issues in sid.

6 important issues:

CVE-2017-17480: In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
CVE-2018-5727: In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
CVE-2018-5785: In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
CVE-2018-6616: In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
CVE-2018-14423: Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).
CVE-2018-18088: OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c

Please fix them.

Created: 2017-12-09 Last update: 2018-12-22 14:51

lintian reports 7 warnings high

Lintian reports 7 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2014-09-03 Last update: 2018-12-15 06:22

Depends on packages which need a new maintainer normal

The packages that openjpeg2 depends on which need a new maintainer are:

apache2 (#910917)
- Recommends: apache2

Created: 2018-10-13 Last update: 2019-01-19 03:00

Multiarch hinter reports 1 issue(s) normal

There are issues with the multiarch metadata for this package.

libopenjp2-7-dev could be marked Multi-Arch: same

Created: 2018-12-10 Last update: 2019-01-19 02:51

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2018-10-01 Last update: 2019-01-19 00:04

The URL(s) for this package had some recent persistent issues low

DUCK reports some issues concerning upstream URLs defined for this package.

Created: 2019-01-12 Last update: 2019-01-19 02:40

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2017-10-26 Last update: 2017-10-26 07:22

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.3.0 instead of 4.1.0).

Created: 2017-10-03 Last update: 2018-12-23 17:15

news

[rss feed]

[2018-12-22] Accepted openjpeg2 2.1.0-2+deb8u6 (source amd64 all) into oldstable (Hugo Lefeuvre)
[2018-12-13] openjpeg2 2.3.0-1.1 MIGRATED to testing (Debian testing watch)
[2018-12-07] Accepted openjpeg2 2.3.0-1.1 (source) into unstable (gregor herrmann)
[2018-11-19] Accepted openjpeg2 2.1.0-2+deb8u5 (source amd64 all) into oldstable (Hugo Lefeuvre)
[2018-07-19] Accepted openjpeg2 2.1.0-2+deb8u4 (source amd64 all) into oldstable (Thorsten Alteholz)
[2017-11-24] Accepted openjpeg2 2.1.0-2+deb8u3 (source amd64 all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Mathieu Malaterre)
[2017-11-12] Accepted openjpeg2 2.1.2-1.1+deb9u2 (source) into proposed-updates->stable-new, proposed-updates (Mathieu Malaterre)
[2017-11-12] Accepted openjpeg2 2.1.2-1.1+deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Mathieu Malaterre)
[2017-10-21] openjpeg2 2.3.0-1 MIGRATED to testing (Debian testing watch)
[2017-10-16] Accepted openjpeg2 2.3.0-1 (source amd64 all) into unstable (Mathieu Malaterre)
[2017-10-08] openjpeg2 2.2.0-2 MIGRATED to testing (Debian testing watch)
[2017-10-03] Accepted openjpeg2 2.2.0-2 (source) into unstable (Mathieu Malaterre)
[2017-09-29] openjpeg2 2.2.0-1 MIGRATED to testing (Debian testing watch)
[2017-09-22] Accepted openjpeg2 2.2.0-1 (source amd64 all) into unstable (Mathieu Malaterre)
[2017-08-18] openjpeg2 2.1.2-1.3 MIGRATED to testing (Debian testing watch)
[2017-08-12] Accepted openjpeg2 2.1.2-1.3 (source amd64 all) into unstable (Moritz Muehlenhoff) (signed by: Moritz Mühlenhoff)
[2017-08-12] Accepted openjpeg2 2.1.2-1.2 (source) into unstable (Moritz Muehlenhoff) (signed by: Moritz Mühlenhoff)
[2017-01-28] openjpeg2 2.1.2-1.1 MIGRATED to testing (Debian testing watch)
[2017-01-28] Accepted openjpeg2 2.1.0-2+deb8u2 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Moritz Muehlenhoff) (signed by: Moritz Mühlenhoff)
[2017-01-24] Accepted openjpeg2 2.1.2-1.1 (all source) into unstable (Salvatore Bonaccorso)
[2016-10-04] openjpeg2 2.1.2-1 MIGRATED to testing (Debian testing watch)
[2016-09-29] Accepted openjpeg2 2.1.2-1 (source) into unstable (Mathieu Malaterre)
[2016-09-17] Accepted openjpeg2 2.1.0-2+deb8u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Moritz Mühlenhoff)
[2016-07-17] openjpeg2 2.1.1-1 MIGRATED to testing (Debian testing watch)
[2016-07-11] Accepted openjpeg2 2.1.1-1 (source) into unstable (Mathieu Malaterre)
[2015-06-02] openjpeg2 2.1.0-2.1 MIGRATED to testing (Britney)
[2015-05-30] Accepted openjpeg2 2.1.0-2.1 (source amd64 all) into unstable (Jean-Michel Vourgère) (signed by: Jean-Michel Nirgal Vourgère)
[2014-10-18] openjpeg2 2.1.0-2 MIGRATED to testing (Britney)
[2014-10-07] Accepted openjpeg2 2.1.0-2 (source amd64 all) into unstable (Mathieu Malaterre)
[2014-10-05] openjpeg2 2.1.0-1 MIGRATED to testing (Britney)

bugs [bug history graph]

all: 17
RC: 1
I&N: 11
M&W: 5
F&P: 0
patch: 1

links

homepage
lintian (0, 7)
buildd: logs, checks, clang, reproducibility
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.3.0-1.1
2 bugs