[Mageia-dev] Freeze push: openjpeg 1.5.0

David Walser luigiwalser at yahoo.com
Sat Apr 14 20:44:39 CEST 2012


Funda Wang wrote:
> Hello,
> 
> Could somebody push openjpeg 1.5.0 into cauldron? It fixed
> CVE-2012-1499: The JPEG 2000 codec in OpenJPEG before 1.5 does not
> properly allocate memory during file parsing, which allows remote
> attackers to execute arbitrary code via a crafted file.
> 
> Thanks.

Funda, does a patch exist for this?  Mageia 1 should be vulnerable to this.



More information about the Mageia-dev mailing list