http://bugzilla.opensuse.org/show_bug.cgi?id=1002414 Bug ID: 1002414 Summary: CVE-2016-8332: OpenJPEG: OpenJPEG JPEG2000 mcc record Code Execution Vulnerability Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.1 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: mikhail.kasimov@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Hello! [1] info about: http://blog.talosintel.com/2016/09/vulnerability-spotlight-jpeg2000.html [2] Talos Vulnerability Report: http://www.talosintelligence.com/reports/TALOS-2016-0193/ Although tested version on [2] is OpenJpeg openjp2 2.1.1 and due to https://software.opensuse.org/package/openjpeg2 version 2.1.0 is being in use in openSUSE, this version potentially can be also vulnerable. Upstream report for 2.1.2, which is currently in release: https://github.com/uclouvain/openjpeg/issues/852 - waiting for resolution. Thanks! -- You are receiving this mail because: You are on the CC list for the bug.