Comment 11 for bug 1630702

Wise Melon (wise-melon-deactivatedaccount) wrote :

This was my conclusion after looking through the CVEs in the list for openjpeg2:

CVE-2014-7945: Half done but unconfirmable (some files are so different I am unable to find the relevant lines in them).
CVE-2014-7947: Can’t find patch.
CVE-2015-8871: Seems patched.
CVE-2016-1923: Can’t find patch.
CVE-2016-1924: Seems already patched.
CVE-2016-3181: Closed upstream as duplicate of CVE-2016-3182 bug report (I am confused about what to do for this).
CVE-2016-3182: Seems already patched.
CVE-2016-3183: Some changes are already present in accordance with the upstream patch; however, in the majority of cases the file is so different to the upstream one that I am unable to figure out what to put where. I am also concerned that, as they are so different, perhaps the changes would not be compatible with it.
CVE-2016-4796: Seems already patched.
CVE-2016-4797: Seems already patched.
CVE-2016-7445: Unable to view patch.
CVE-2016-7163: Successfully patched.
CVE-2016-8332: Successfully patched.

I will now attach the debdiffs for Yakkety and Xenial with those two patches patched. I have never done a debdiff for CVE-related fixes before, so I hope that I have done everything correctly. I assume that you will let me know if I have not so that I can fix any issues.