Fix CVE-2021-29338: Integer Overflow in OpenJPEG v2.4.0 allows remote
attackers to crash the application, causing a Denial of Service (DoS).
This occurs when the attacker uses the command line option "-ImgDir" on
a directory that contains 1048576 files.
Fix CVE-2022-1122: A flaw was found in the opj2_decompress program in
openjpeg2 2.4.0 in the way it handles an input directory with a large
number of files. When it fails to allocate a buffer to store the
filenames of the input directory, it calls free() on an uninitialized
pointer, leading to a segmentation fault and a denial of service.
Drop patches (already in version)
https://github.com/uclouvain/openjpeg/blob/v2.5.0/NEWS.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 636f201062)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2ef9db7ad3