Debian Package Tracker

general

source: openjpeg2 (main)
version: 2.3.0-2
maintainer: Debian PhotoTools Maintainers (archive) [DMD]
uploaders: Hugo Lefeuvre [DMD] – Mathieu Malaterre [DMD]
arch: all any
std-ver: 4.1.0
VCS: Subversion (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 2.1.0-2+deb8u3
old-sec: 2.1.0-2+deb8u6
stable: 2.1.2-1.1+deb9u2
stable-sec: 2.1.2-1.1+deb9u3
stable-p-u: 2.1.2-1.1+deb9u3
testing: 2.3.0-2
unstable: 2.3.0-2

versioned links

2.1.0-2+deb8u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.1.0-2+deb8u6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.1.2-1.1+deb9u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.1.2-1.1+deb9u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.3.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.3.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libopenjp2-7
libopenjp2-7-dev
libopenjp2-tools
libopenjp3d-tools
libopenjp3d7
libopenjpip-dec-server
libopenjpip-server
libopenjpip-viewer
libopenjpip7

action needed

Failed to analyze the VCS repository. Please troubleshoot and fix the issue. high

vcswatch reports that there is an error with this package's VCS, or the debian/changelog file inside it. Please check the error shown below and try to fix it. You might have to update the VCS URL in the debian/control file to point to the correct repository.

svn: E170013: Unable to connect to a repository at URL 'svn://anonscm.debian.org/collab-maint/deb-maint/openjpeg2/trunk/debian' svn: E000111: Can't connect to host 'anonscm.debian.org': Connection refused

Created: 2017-12-03 Last update: 2019-03-20 03:13

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2019-6988: An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.

Please fix it.

Created: 2017-12-09 Last update: 2019-03-14 11:04

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2018-10-01 Last update: 2019-03-20 06:11

Depends on packages which need a new maintainer normal

The packages that openjpeg2 depends on which need a new maintainer are:

apache2 (#910917)
- Recommends: apache2

Created: 2018-10-13 Last update: 2019-03-20 06:00

Multiarch hinter reports 1 issue(s) normal

There are issues with the multiarch metadata for this package.

libopenjp2-7-dev could be marked Multi-Arch: same

Created: 2019-03-13 Last update: 2019-03-20 02:47

The URL(s) for this package had some recent persistent issues low

DUCK reports some issues concerning upstream URLs defined for this package.

Created: 2019-01-12 Last update: 2019-03-20 06:03

2 ignored security issues in stretch low

There are 2 open security issues in stretch.

2 issues skipped by the security teams:

CVE-2019-6988: An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.
CVE-2016-9112: Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.

Please fix them.

Created: 2016-09-08 Last update: 2019-03-14 11:04

5 ignored security issues in jessie low

There are 5 open security issues in jessie.

5 issues skipped by the security teams:

CVE-2016-3183: The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file.
CVE-2016-1923: Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.
CVE-2019-6988: An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.
CVE-2016-9112: Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.
CVE-2014-7947: OpenJPEG before r2944, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, pi.c, t1.c, t2.c, and tcd.c.

Please fix them.

Created: 2015-09-15 Last update: 2019-03-14 11:04

1 ignored security issue in buster low

There is 1 open security issue in buster.

1 issue skipped by the security teams:

CVE-2019-6988: An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.

Please fix it.

Created: 2017-12-09 Last update: 2019-03-14 11:04

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2019-03-11 Last update: 2019-03-11 15:23

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.3.0 instead of 4.1.0).

Created: 2017-10-03 Last update: 2019-03-10 23:32

news

[rss feed]

[2019-03-15] openjpeg2 2.3.0-2 MIGRATED to testing (Debian testing watch)
[2019-03-12] Accepted openjpeg2 2.1.2-1.1+deb9u3 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Luciano Bello)
[2019-03-10] Accepted openjpeg2 2.3.0-2 (source) into unstable (Mathieu Malaterre)
[2019-03-10] Accepted openjpeg2 2.1.2-1.1+deb9u3 (source amd64 all) into stable->embargoed, stable (Luciano Bello)
[2018-12-22] Accepted openjpeg2 2.1.0-2+deb8u6 (source amd64 all) into oldstable (Hugo Lefeuvre)
[2018-12-13] openjpeg2 2.3.0-1.1 MIGRATED to testing (Debian testing watch)
[2018-12-07] Accepted openjpeg2 2.3.0-1.1 (source) into unstable (gregor herrmann)
[2018-11-19] Accepted openjpeg2 2.1.0-2+deb8u5 (source amd64 all) into oldstable (Hugo Lefeuvre)
[2018-07-19] Accepted openjpeg2 2.1.0-2+deb8u4 (source amd64 all) into oldstable (Thorsten Alteholz)
[2017-11-24] Accepted openjpeg2 2.1.0-2+deb8u3 (source amd64 all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Mathieu Malaterre)
[2017-11-12] Accepted openjpeg2 2.1.2-1.1+deb9u2 (source) into proposed-updates->stable-new, proposed-updates (Mathieu Malaterre)
[2017-11-12] Accepted openjpeg2 2.1.2-1.1+deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Mathieu Malaterre)
[2017-10-21] openjpeg2 2.3.0-1 MIGRATED to testing (Debian testing watch)
[2017-10-16] Accepted openjpeg2 2.3.0-1 (source amd64 all) into unstable (Mathieu Malaterre)
[2017-10-08] openjpeg2 2.2.0-2 MIGRATED to testing (Debian testing watch)
[2017-10-03] Accepted openjpeg2 2.2.0-2 (source) into unstable (Mathieu Malaterre)
[2017-09-29] openjpeg2 2.2.0-1 MIGRATED to testing (Debian testing watch)
[2017-09-22] Accepted openjpeg2 2.2.0-1 (source amd64 all) into unstable (Mathieu Malaterre)
[2017-08-18] openjpeg2 2.1.2-1.3 MIGRATED to testing (Debian testing watch)
[2017-08-12] Accepted openjpeg2 2.1.2-1.3 (source amd64 all) into unstable (Moritz Muehlenhoff) (signed by: Moritz Mühlenhoff)
[2017-08-12] Accepted openjpeg2 2.1.2-1.2 (source) into unstable (Moritz Muehlenhoff) (signed by: Moritz Mühlenhoff)
[2017-01-28] openjpeg2 2.1.2-1.1 MIGRATED to testing (Debian testing watch)
[2017-01-28] Accepted openjpeg2 2.1.0-2+deb8u2 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Moritz Muehlenhoff) (signed by: Moritz Mühlenhoff)
[2017-01-24] Accepted openjpeg2 2.1.2-1.1 (all source) into unstable (Salvatore Bonaccorso)
[2016-10-04] openjpeg2 2.1.2-1 MIGRATED to testing (Debian testing watch)
[2016-09-29] Accepted openjpeg2 2.1.2-1 (source) into unstable (Mathieu Malaterre)
[2016-09-17] Accepted openjpeg2 2.1.0-2+deb8u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Moritz Mühlenhoff)
[2016-07-17] openjpeg2 2.1.1-1 MIGRATED to testing (Debian testing watch)
[2016-07-11] Accepted openjpeg2 2.1.1-1 (source) into unstable (Mathieu Malaterre)
[2015-06-02] openjpeg2 2.1.0-2.1 MIGRATED to testing (Britney)

bugs [bug history graph]

all: 13
RC: 0
I&N: 8
M&W: 5
F&P: 0
patch: 1

links

homepage
buildd: logs, checks, clang, reproducibility
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.3.0-2
2 bugs