touch-packages team mailing list archive
Message #43775
[Bug 1404084] [NEW] Fix for CVE-2013-6045 breaks decoding of chroma-subsampled images
Public bug reported:
The patch for CVE-2013-6045, as shipped in Ubuntu 10.04, 12.04, and 14.04, disables decoding of images whose first color component has a higher resolution than subsequent components. This occurs, for example, in YCbCr images with chroma subsampling. This regression does not affect newer Ubuntu releases which ship OpenJPEG 1.5.2 or above.
The original Debian bug report is <https://bugs.debian.org/734238>.
Debian released an updated DSA on April 22 to correct the regression
(https://lists.debian.org/debian-security-announce/2014/msg00090.html),
but the fix has not propagated to Ubuntu.
** Affects: openjpeg (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/1404084
Title:
Fix for CVE-2013-6045 breaks decoding of chroma-subsampled images
Status in openjpeg package in Ubuntu:
New
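An added example, not part of the original bug report or of OpenJPEG: one way to triage which JPEG 2000 files meet the condition described above is to read the per-component subsampling factors (XRsiz, YRsiz) from the codestream's SIZ marker segment. The function names and the constructed header bytes are assumptions for illustration, and locating the codestream by searching for SOC+SIZ is a heuristic rather than JP2 box parsing.

```python
import struct
import sys

SOC_SIZ = b"\xff\x4f\xff\x51"  # SOC marker immediately followed by the SIZ marker

def component_subsampling(data):
    """Return [(XRsiz, YRsiz), ...] from the SIZ segment of a JPEG 2000 codestream."""
    start = data.find(SOC_SIZ)
    if start < 0:
        raise ValueError("no JPEG 2000 codestream (SOC+SIZ) found")
    seg = start + 4                          # offset of the Lsiz field
    if len(data) < seg + 38:                 # fixed part: Lsiz .. Csiz
        raise ValueError("truncated SIZ segment")
    (lsiz,) = struct.unpack_from(">H", data, seg)
    (csiz,) = struct.unpack_from(">H", data, seg + 36)
    if csiz == 0 or lsiz != 38 + 3 * csiz or len(data) < seg + lsiz:
        raise ValueError("inconsistent SIZ segment")
    comps = []
    for i in range(csiz):
        _ssiz, xr, yr = struct.unpack_from(">BBB", data, seg + 38 + 3 * i)
        if xr == 0 or yr == 0:
            raise ValueError("zero subsampling factor")
        comps.append((xr, yr))
    return comps

def first_component_finer(data):
    """True when component 0 is sampled more densely than a later component,
    the case the bug report says the patched decoder refuses to decode."""
    comps = component_subsampling(data)
    x0, y0 = comps[0]
    # A larger XRsiz/YRsiz means coarser sampling, i.e. lower resolution.
    return any(xr > x0 or yr > y0 for xr, yr in comps[1:])

def make_siz(factors, width=64, height=64):
    """Constructed SOC+SIZ header used as sample input (not a complete image)."""
    body = struct.pack(">H8IH", 0, width, height, 0, 0,
                       width, height, 0, 0, len(factors))
    body += b"".join(struct.pack(">BBB", 7, xr, yr) for xr, yr in factors)
    return SOC_SIZ + struct.pack(">H", len(body) + 2) + body

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            try:
                hit = first_component_finer(fh.read())
                print(path, "affected by regression" if hit else "not affected")
            except ValueError as exc:
                print(path, "skipped:", exc)
```
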