From 6a9b7909bb3780c79625e3ca8d58f7494304a5cf Mon Sep 17 00:00:00 2001
From: Angelo Compagnucci
Date: Thu, 25 Apr 2024 17:55:42 +0200
Subject: [PATCH] package/openjpeg: security bump to version 2.5.2

Fixes the following security issues: CVE-2021-3575: A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.

Signed-off-by: Angelo Compagnucci
Signed-off-by: Peter Korsgaard
(cherry picked from commit ff36bc68cdba30f2a76da2b9f2047aa9a514e07e)
Signed-off-by: Peter Korsgaard
---
 package/openjpeg/openjpeg.hash | 2 +-
 package/openjpeg/openjpeg.mk | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/openjpeg/openjpeg.hash b/package/openjpeg/openjpeg.hash
index cfa0e01b7d..1e72054724 100644
--- a/package/openjpeg/openjpeg.hash
+++ b/package/openjpeg/openjpeg.hash
@@ -1,3 +1,3 @@
 # Locally computed:
-sha256 0333806d6adecc6f7a91243b2b839ff4d2053823634d4f6ed7a59bc87409122a openjpeg-2.5.0.tar.gz
+sha256 90e3896fed910c376aaf79cdd98bdfdaf98c6472efd8e1debf0a854938cbda6a openjpeg-2.5.2.tar.gz
 sha256 a6af136f3e15038a666b61f376612a07d9a4e48cb7c01adbf3e33b3f14ab49b6 LICENSE
diff --git a/package/openjpeg/openjpeg.mk b/package/openjpeg/openjpeg.mk
index 5b03a6cf58..e7cb7505e9 100644
--- a/package/openjpeg/openjpeg.mk
+++ b/package/openjpeg/openjpeg.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-OPENJPEG_VERSION = 2.5.0
+OPENJPEG_VERSION = 2.5.2
 OPENJPEG_SITE = $(call github,uclouvain,openjpeg,v$(OPENJPEG_VERSION))
 OPENJPEG_LICENSE = BSD-2-Clause
 OPENJPEG_LICENSE_FILES = LICENSE