Comment 5 for bug 1630702

Seth Arnold (seth-arnold) wrote : Re: CVE-2016-8332 allows an out-of-bound heap write to occur resulting in heap corruption and arbitrary code execution

Our openjpeg and openjpeg2 packages have far more than this one flaw
unaccounted for:

http://people.canonical.com/~ubuntu-security/cve/pkg/openjpeg.html
http://people.canonical.com/~ubuntu-security/cve/pkg/openjpeg2.html

(I suspect that most issues that apply to one also apply to the other;
there is probably more overlap between the two packages.)

Fixing just one open issue is probably not worth the time; fixing most
of them would be. Finding fixes for all of them may not be feasible.

Since we rely upon our community users to test updates, we really do
need whoever supplies patches to have built and tested them all first. If
you're in for only one release, that's still useful, and perhaps someone
else would be willing to tackle the others later.

Probably the 2.x.x patch can be made to apply to the 1.5.2 version
we have packaged; the codebases looked very similar to me last time I
reviewed both.

Thanks