This update fixes CVE-2018-18088 and CVE-2018-6616 ------------------------------------------------------------------------------- - ChangeLog:
* Thu Dec 20 2018 Sandro Mani <manisandro@gmail.com> - 2.3.0-6 - Backport patches for CVE-2018-18088, CVE-2018-6616 * Sat Oct 6 2018 Sandro Mani <manisandro@gmail.com> - 2.3.0-4 - Add openjpeg2_opj2.patch from native openjpeg2 package (#1636669) * Thu Oct 4 2018 Sandro Mani <manisandro@gmail.com> - 2.3.0-3 - Backport patch for CVE-2018-5785 (#1537758) * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Thu Feb 8 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1638558 - CVE-2018-18088 openjpeg2: NULL pointer dereference in the imagetopnm function of jp2/convert.c https://bugzilla.redhat.com/show_bug.cgi?id=1638558 [ 2 ] Bug #1542321 - CVE-2018-6616 openjpeg2: Excessive iteration in openjp2/t1.c:opj_t1_encode_cblks can allow for denial of service via crafted BMP file https://bugzilla.redhat.com/show_bug.cgi?id=1542321 ------------------------------------------------------------------------------- -