1100147 – Drop obsolete rhbz1036495_CVE-2013-6045.patch

Bug 1100147 - Drop obsolete rhbz1036495_CVE-2013-6045.patch

Summary: Drop obsolete rhbz1036495_CVE-2013-6045.patch

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	mingw-openjpeg
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Sandro Mani
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-05-22 06:27 UTC by Benjamin Gilbert
Modified:	2014-05-31 23:55 UTC (History)
CC List:	2 users (show)
Fixed In Version:	mingw-openjpeg-1.5.2-2.fc20
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-05-31 23:55:23 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Benjamin Gilbert 2014-05-22 06:27:09 UTC

The original fix for CVE-2013-6045 disabled decoding of chroma-subsampled images (bug 1093379).  OpenJPEG 1.5.2 fixes the vulnerability in a way that doesn't disable that feature (https://bugs.debian.org/734238, messages 48, 53, and 60).  However, mingw-openjpeg 1.5.2 is still applying part of the original patch in rhbz1036495_CVE-2013-6045.patch, thus disabling decoding of these images, even though it is not needed on OpenJPEG > 1.5.1.

Comment 1 Benjamin Gilbert 2014-05-22 07:09:01 UTC

The OpenJPEG 1.5.2 NEWS file (not included in the release tarball for some reason) also documents that -6045 has been fixed: http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS

Comment 2 Sandro Mani 2014-05-22 07:19:35 UTC

Thanks for reporting! Fixed packages are building.

Comment 3 Fedora Update System 2014-05-22 07:30:49 UTC

mingw-openjpeg-1.5.2-2.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/mingw-openjpeg-1.5.2-2.fc20

Comment 4 Fedora Update System 2014-05-22 07:31:31 UTC

mingw-openjpeg-1.5.2-2.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/mingw-openjpeg-1.5.2-2.fc19

Comment 5 Fedora Update System 2014-05-23 18:57:02 UTC

Package mingw-openjpeg-1.5.2-2.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing mingw-openjpeg-1.5.2-2.fc19'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-6611/mingw-openjpeg-1.5.2-2.fc19
then log in and leave karma (feedback).

Comment 6 Fedora Update System 2014-05-31 23:55:23 UTC

mingw-openjpeg-1.5.2-2.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2014-05-31 23:55:57 UTC

mingw-openjpeg-1.5.2-2.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.