Bug 1100147

Summary: Drop obsolete rhbz1036495_CVE-2013-6045.patch
Product: [Fedora] Fedora Reporter: Benjamin Gilbert <bgilbert>
Component: mingw-openjpegAssignee: Sandro Mani <manisandro>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: erik-fedora, manisandro
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: mingw-openjpeg-1.5.2-2.fc20 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-05-31 23:55:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Benjamin Gilbert 2014-05-22 06:27:09 UTC 
The original fix for CVE-2013-6045 disabled decoding of chroma-subsampled images (bug 1093379).  OpenJPEG 1.5.2 fixes the vulnerability in a way that doesn't disable that feature (https://bugs.debian.org/734238, messages 48, 53, and 60).  However, mingw-openjpeg 1.5.2 is still applying part of the original patch in rhbz1036495_CVE-2013-6045.patch, thus disabling decoding of these images, even though it is not needed on OpenJPEG > 1.5.1.
Comment 1 Benjamin Gilbert 2014-05-22 07:09:01 UTC 
The OpenJPEG 1.5.2 NEWS file (not included in the release tarball for some reason) also documents that -6045 has been fixed: http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS
Comment 2 Sandro Mani 2014-05-22 07:19:35 UTC 
Thanks for reporting! Fixed packages are building.
Comment 3 Fedora Update System 2014-05-22 07:30:49 UTC 
mingw-openjpeg-1.5.2-2.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/mingw-openjpeg-1.5.2-2.fc20
Comment 4 Fedora Update System 2014-05-22 07:31:31 UTC 
mingw-openjpeg-1.5.2-2.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/mingw-openjpeg-1.5.2-2.fc19
Comment 5 Fedora Update System 2014-05-23 18:57:02 UTC 
Package mingw-openjpeg-1.5.2-2.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing mingw-openjpeg-1.5.2-2.fc19'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-6611/mingw-openjpeg-1.5.2-2.fc19
then log in and leave karma (feedback).
Comment 6 Fedora Update System 2014-05-31 23:55:23 UTC 
mingw-openjpeg-1.5.2-2.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2014-05-31 23:55:57 UTC 
mingw-openjpeg-1.5.2-2.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.