Bug 1093379

Summary: Fix for CVE-2013-6045 breaks decoding of chroma-subsampled images
Product: [Fedora] Fedora Reporter: Murray McAllister <mmcallis>
Component: openjpegAssignee: Jaromír Cápík <jcapik>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: high    
Version: 20CC: bgilbert, jcapik, oliver, ovasik, rdieter, sparks, twaugh, vdanen
Target Milestone: ---Keywords: SecurityTracking
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openjpeg-1.5.1-13.fc20 Doc Type: Release Note
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-10-12 05:00:46 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Murray McAllister 2014-05-01 14:51:53 UTC 
Description of problem:

This bug is to track the Fedora fix for https://bugzilla.redhat.com/show_bug.cgi?id=1047494
Comment 1 Benjamin Gilbert 2014-05-22 06:09:59 UTC 
The original fix for CVE-2013-6045 was reverted in 1.5.1-8 due to this regression, so Fedora is still vulnerable to -6045.  Debian has released updated packages with a new patch for the CVE that fixes the regression.  The patch is available from the Debian bug.
Comment 2 Jaromír Cápík 2014-10-08 18:29:49 UTC 
openjpeg-1.5.2 contains the fix
Comment 3 Jaromír Cápík 2014-10-08 19:08:39 UTC 
Backporting two hunks from 1.5.2.
Comment 4 Fedora Update System 2014-10-08 19:40:52 UTC 
openjpeg-1.5.1-13.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/openjpeg-1.5.1-13.fc20
Comment 5 Fedora Update System 2014-10-08 19:41:03 UTC 
openjpeg-1.5.1-13.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/openjpeg-1.5.1-13.fc21
Comment 6 Fedora Update System 2014-10-10 15:58:07 UTC 
Package openjpeg-1.5.1-13.fc21:
* should fix your issue,
* was pushed to the Fedora 21 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing openjpeg-1.5.1-13.fc21'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-12458/openjpeg-1.5.1-13.fc21
then log in and leave karma (feedback).
Comment 7 Fedora Update System 2014-10-12 05:00:46 UTC 
openjpeg-1.5.1-13.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2014-10-14 04:29:29 UTC 
openjpeg-1.5.1-13.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.