openjpeg2 (2.1.0-2+deb8u10) jessie-security; urgency=medium

  * Non-maintainer upload by the LTS team.
  * CVE-2020-8112: Avoid integer overflow in OPJ_MACRO_TCD_ALLOCATE macro
    (aka static function opj_tcd_init_tile() in later versions of openjpeg2).
    (Closes: #950184).

 -- Mike Gabriel <sunweaver@debian.org>  Thu, 30 Jan 2020 19:22:27 +0100

openjpeg2 (2.1.0-2+deb8u9) jessie-security; urgency=medium

  * Non-maintainer upload by the LTS team.
  * CVE-2020-6851: opj_j2k_update_image_dimensions(): reject images whose
    coordinates are beyond INT_MAX.

 -- Mike Gabriel <sunweaver@debian.org>  Tue, 28 Jan 2020 14:22:26 +0100

openjpeg2 (2.1.0-2+deb8u8) jessie-security; urgency=medium

  * Non-maintainer upload by the LTS Security Team.
  * CVE-2018-21010: heap buffer overflow in color_apply_icc_profile
    (bin/common/color.c) (Closes: #939553).

 -- Hugo Lefeuvre <hle@debian.org>  Tue, 08 Oct 2019 14:12:08 +0200

openjpeg2 (2.1.0-2+deb8u7) jessie-security; urgency=high

  * Non-maintainer upload by the LTS team.
  * Fix CVE-2016-9112:
    A floating point exception or divide by zero in the function
    opj_pi_next_cprl may lead to a denial-of-service.
  * Fix CVE-2018-20847:
    An improper computation of values in the function opj_get_encoding_parameters
    can lead to an integer overflow. This issue was partly fixed by the patch
    for CVE-2015-1239.

 -- Markus Koschany <apo@debian.org>  Wed, 10 Jul 2019 18:03:52 +0200

openjpeg2 (2.1.0-2+deb8u6) jessie-security; urgency=high

  * Non-maintainer upload by the LTS Team.
  * CVE-2018-14423: Division-by-zero vulnerabilities in the functions
    pi_next_pcrl, pi_next_cprl, and pi_next_rpcl (closes: #904873).
  * CVE-2018-6616: Excessive Iteration in opj_t1_encode_cblks
    (closes: #889683).

 -- Hugo Lefeuvre <hle@debian.org>  Sat, 22 Dec 2018 11:50:11 +0100

openjpeg2 (2.1.0-2+deb8u5) jessie-security; urgency=high

  * Non-maintainer upload by the LTS Team.
  * CVE-2017-17480: write stack buffer overflow due to missing buffer
    length formatter in fscanf call.
  * CVE-2018-18088: null pointer dereference caused by null image
    components in imagetopnm.

 -- Hugo Lefeuvre <hle@debian.org>  Mon, 19 Nov 2018 17:23:30 +0100

openjpeg2 (2.1.0-2+deb8u4) jessie-security; urgency=high

  * Non-maintainer upload by the LTS Team. 
  * CVE-2015-1239
    Fix for denial of service (process crash) via a crafted PDF.
  * CVE-2016-5139
    Fix for integer overflows, allowing a denial of service
    (heap-based buffer overflow) or possibly have unspecified
    other impact via crafted JPEG 2000 data.
 
 -- Thorsten Alteholz <debian@alteholz.de>  Thu, 19 Jul 2018 19:03:02 +0200

openjpeg2 (2.1.0-2+deb8u3) jessie-security; urgency=medium

  * CVE-2016-9118: c22cbd8bdf8ff2ae372f94391a4be2d322b36b41.patch
  * CVE-2016-5152: 3fbe71369019df0b47c7a2be4fab8c05768f2f32.patch
  * CVE-2016-1628: 11445eddad7e7fa5b273d1c83c91011c44e5d586.patch
  * CVE-2016-10504: not needed
  * CVE-2017-14039: CVE-2017-14039.patch
  * CVE-2017-14040: 2cd30c2b06ce332dede81cccad8b334cde997281.patch
  * CVE-2017-14041: e5285319229a5d77bf316bb0d3a6cbd3cb8666d9.patch
  * CVE-2017-14151: not needed
  * CVE-2017-14152: dcac91b8c72f743bda7dbfa9032356bc8110098a.patch
  * CVE-2016-5157: CVE-2016-5157.patch

 -- Mathieu Malaterre <malat@debian.org>  Mon, 23 Oct 2017 20:43:14 +0200

openjpeg2 (2.1.0-2+deb8u2) jessie-security; urgency=medium

  * CVE-2016-5159 CVE-2016-8332 CVE-2016-9572 CVE-2016-9573

 -- Moritz Muehlenhoff <jmm@debian.org>  Sat, 14 Jan 2017 18:50:54 +0100

openjpeg2 (2.1.0-2+deb8u1) jessie-security; urgency=medium

  * CVE-2015-6581 CVE-2015-8871 CVE-2016-1924 CVE-2016-7163

 -- Moritz Mühlenhoff <jmm@debian.org>  Fri, 09 Sep 2016 20:14:50 +0200

openjpeg2 (2.1.0-2) unstable; urgency=low

  * Install *.pc files. Closes: #762251
  * Remove cmake-fatal-error export stuff
  * Fix warnings in d/copyright
  * Bump Std-Vers to 3.9.6, no changes needed
  * Fix include path in export file to handle multi-arch install
    + debian/patches/multiarch_path.patch

 -- Mathieu Malaterre <malat@debian.org>  Tue, 07 Oct 2014 13:14:43 +0200

openjpeg2 (2.1.0-1) unstable; urgency=low

  * New upstream. Closes: #761154, #761155
  * Rename binary packages to prevent conflicts. Closes: #760874
  * Remove "Multi-Arch: same" for -dev package. Closes: #760421

 -- Mathieu Malaterre <malat@debian.org>  Thu, 11 Sep 2014 17:40:46 +0200

openjpeg2 (2.0.0-1) unstable; urgency=low

  * New upstream. Closes: #738655.

 -- Mathieu Malaterre <malat@debian.org>  Fri, 23 May 2014 18:23:37 +0200
