OpenJPEG NEWS - user visible changes ==================================== Changes from OpenJPEG 1.5.2 to OpenJPEG 1.5.1 ---------------------------------------------- Security: * Fixes: CVE-2013-4289 CVE-2013-4290 * Fixes: CVE-2013-1447 CVE-2013-6045 CVE-2013-6052 CVE-2013-6054 CVE-2013-6053 CVE-2013-6887 New Features: * Compile Java with source/target specific java version * Do not set SONAME for Java module, fix linking (missing math lib) * Support some BMP/RGB8 files * Fix compilation on ARM Misc: * Remove BSD-4 license from getopt copy, since upstream switched to BSD-3 * Support compilation against system installed getopt * Fix Big Endian checking (autotools) * Huge amount of bug fixes. See CHANGES for details. Changelog at: https://openjpeg.googlecode.com/svn/tags/version.1.5.2/CHANGES
*** This bug has been marked as a duplicate of bug 1088885 ***
Heh, the other bug started tracking openjpeg2 , re-opening this one for openjpeg(1) on f20: $ koji latest-pkg f20-updates openjpeg openjpeg2 Build Tag Built by ---------------------------------------- -------------------- ---------------- openjpeg-1.5.1-8.fc20 f20-updates rdieter openjpeg2-2.0.1-1.fc20 f20-updates smani Be mindful, that fedora's existing openjpeg-1.5.1 packaging has already been patched for all the aforementioned CVE/security issues.
I think we could update rawhide without worries. Gonna do that.
(In reply to Jaromír Cápík from comment #3) > I think we could update rawhide without worries. Gonna do that. 1.5.1 -> 1.5.2 should be safe: http://upstream-tracker.org/versions/openjpeg.html