Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

Tasklist

Task Type Bug Report Category Security Status Closed Assigned To Andreas Radke (AndyRTR) Levente Polyak (anthraxx) Architecture All Severity High Priority Normal Reported Version Due in Version Undecided Due Date Undecided Percent Complete Votes 0 Private No

Details Summary ======= The package openjpeg2 is vulnerable to multiple issues including arbitrary code execution and denial of service via CVE-2016-9118, CVE-2016-9117, CVE-2016-9116, CVE-2016-9115, CVE-2016-9114 and CVE-2016-9113. Guidance ======== A the writting time look like debian have no fixes, but Gentoo bugtreacking[1] there are some patches to fix some of the CVEs. [1] https://bugs.gentoo.org/show_bug.cgi?id=CVE-2016-9113 References ========== https://security.archlinux.org/AVG-54 https://github.com/uclouvain/openjpeg/issues/861 https://github.com/uclouvain/openjpeg/issues/860 https://github.com/uclouvain/openjpeg/issues/859 https://github.com/uclouvain/openjpeg/issues/858 https://github.com/uclouvain/openjpeg/issues/857 https://github.com/uclouvain/openjpeg/issues/856

Closed by  Andreas Radke (AndyRTR)
Thursday, 10 August 2017, 19:33 GMT
Reason for closing:  Fixed
Additional comments about closing:  2.2.0-1