[Bug 225805] security/vuxml: Document multiple vulnerabilities in OpenJPEG
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sat Feb 10 13:43:09 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225805
Bug ID: 225805
Summary: security/vuxml: Document multiple vulnerabilities in
OpenJPEG
Product: Ports & Packages
Version: Latest
Hardware: Any
URL: https://github.com/uclouvain/openjpeg/issues?q=is%3Ais
sue+CVE-2018-5727+OR+CVE-2018-5785+OR+CVE-2018-6616
OS: Any
Status: New
Keywords: patch, security
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: ports-secteam at FreeBSD.org
Reporter: vlad-fbsd at acheronmedia.com
CC: sunpoet at FreeBSD.org
Assignee: ports-secteam at FreeBSD.org
Flags: maintainer-feedback?(ports-secteam at FreeBSD.org)
Created attachment 190481
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=190481&action=edit
Document multiple vulns in OpenJPEG
Multiple vulnerabilities have been found in OpenJPEG.
* CVE-2017-17479 (V3: 9.8 critical!)
https://nvd.nist.gov/vuln/detail/CVE-2017-17479
* CVE-2017-17480 (V3: 9.8 critical!)
https://nvd.nist.gov/vuln/detail/CVE-2017-17480
* CVE-2018-5727
https://nvd.nist.gov/vuln/detail/CVE-2018-5727
* CVE-2018-5785
https://nvd.nist.gov/vuln/detail/CVE-2018-5785
* CVE-2018-6616
https://nvd.nist.gov/vuln/detail/CVE-2018-6616
* Upstream reports:
https://github.com/uclouvain/openjpeg/issues?q=is%3Aissue+CVE-2018-5727+OR+CVE-2018-5785+OR+CVE-2018-6616
* Upstream for CVE-2017-17479 and 80:
https://github.com/uclouvain/openjpeg/issues/1044
Note: The upstream reports state "in latest version, 2.3" and NVD/Mitre report
"in OpenJPEG 2.3.0". I have, however, marked "up to and including" (le) 2.3.0.
Please correct me if that's wrong and only 2.3.0 (eq) should be listed.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list