The original fix for CVE-2013-6045 disabled decoding of chroma-subsampled images (bug 1093379). OpenJPEG 1.5.2 fixes the vulnerability in a way that doesn't disable that feature (https://bugs.debian.org/734238, messages 48, 53, and 60). However, mingw-openjpeg 1.5.2 is still applying part of the original patch in rhbz1036495_CVE-2013-6045.patch, thus disabling decoding of these images, even though it is not needed on OpenJPEG > 1.5.1.
The OpenJPEG 1.5.2 NEWS file (not included in the release tarball for some reason) also documents that -6045 has been fixed: http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS
Thanks for reporting! Fixed packages are building.
mingw-openjpeg-1.5.2-2.fc20 has been submitted as an update for Fedora 20.
mingw-openjpeg-1.5.2-2.fc19 has been submitted as an update for Fedora 19.
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing mingw-openjpeg-1.5.2-2.fc19'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
mingw-openjpeg-1.5.2-2.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
mingw-openjpeg-1.5.2-2.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.