Description of problem: This bug is to track the Fedora fix for https://bugzilla.redhat.com/show_bug.cgi?id=1047494
The original fix for CVE-2013-6045 was reverted in 1.5.1-8 due to this regression, so Fedora is still vulnerable to -6045. Debian has released updated packages with a new patch for the CVE that fixes the regression. The patch is available from the Debian bug.
openjpeg-1.5.2 contains the fix
Backporting two hunks from 1.5.2.
openjpeg-1.5.1-13.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/openjpeg-1.5.1-13.fc20
openjpeg-1.5.1-13.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/openjpeg-1.5.1-13.fc21
Package openjpeg-1.5.1-13.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing openjpeg-1.5.1-13.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-12458/openjpeg-1.5.1-13.fc21 then log in and leave karma (feedback).
openjpeg-1.5.1-13.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
openjpeg-1.5.1-13.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.