Comment 1 Moritz Muehlenhoff 2013-12-03 08:37:52 CET

Several vulnerabilities have been discovered in OpenJPEG, a JPEG 2000 image library, that may lead to denial of service (CVE-2013-1447) via application crash or high memory consumption, possible code execution through heap buffer overflows (CVE-2013-6045), information disclosure (CVE-2013-6052), or yet another heap buffer overflow that only appears to affect OpenJPEG 1.3 (CVE-2013-6054).

Comment 2 Moritz Muehlenhoff 2014-03-19 07:11:26 CET

(In reply to Moritz Muehlenhoff from comment #0)
> Multiple buffer overflows (CVE-2013-4289 CVE-2013-4290)

These don't affect Debian/UCS; while the affected code is present in the source package, it's not built.

Comment 3 Moritz Muehlenhoff 2014-06-02 07:59:08 CEST

The maintenance with bug and security fixes for UCS 3.1-x has ended on 31st of May 2014.

The maintenance of the UCS 3.x major series is continued by UCS 3.2-x that is supplied with bug and security fixes.

Customers still on UCS 3.1-x are encouraged to update to UCS 3.2. Please contact your partner or Univention for any questions.