package/openjpeg: security bump to version 2.5.2
Fixes the following security issues: CVE-2021-3575: A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg. Signed-off-by: Angelo Compagnucci <angelo.compagnucci@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
parent
1126be70ff
commit
ff36bc68cd
@ -1,3 +1,3 @@
|
|||||||
# Locally computed:
|
# Locally computed:
|
||||||
sha256 0333806d6adecc6f7a91243b2b839ff4d2053823634d4f6ed7a59bc87409122a openjpeg-2.5.0.tar.gz
|
sha256 90e3896fed910c376aaf79cdd98bdfdaf98c6472efd8e1debf0a854938cbda6a openjpeg-2.5.2.tar.gz
|
||||||
sha256 a6af136f3e15038a666b61f376612a07d9a4e48cb7c01adbf3e33b3f14ab49b6 LICENSE
|
sha256 a6af136f3e15038a666b61f376612a07d9a4e48cb7c01adbf3e33b3f14ab49b6 LICENSE
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
#
|
#
|
||||||
################################################################################
|
################################################################################
|
||||||
|
|
||||||
OPENJPEG_VERSION = 2.5.0
|
OPENJPEG_VERSION = 2.5.2
|
||||||
OPENJPEG_SITE = $(call github,uclouvain,openjpeg,v$(OPENJPEG_VERSION))
|
OPENJPEG_SITE = $(call github,uclouvain,openjpeg,v$(OPENJPEG_VERSION))
|
||||||
OPENJPEG_LICENSE = BSD-2-Clause
|
OPENJPEG_LICENSE = BSD-2-Clause
|
||||||
OPENJPEG_LICENSE_FILES = LICENSE
|
OPENJPEG_LICENSE_FILES = LICENSE
|
||||||
|
Loading…
Reference in New Issue
Block a user