[Buildroot] [git commit branch/2024.02.x] package/openjpeg: security bump to version 2.5.3

Peter Korsgaard peter at korsgaard.com
Sat Feb 1 12:33:15 UTC 2025 

commit: https://git.buildroot.net/buildroot/commit/?id=5b5ee3de7127a8a21516ba60b263df471de26285
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2024.02.x

Fixes the following security issues:

- CVE-2024-56826: A flaw was found in the OpenJPEG project.  A heap buffer
  overflow condition may be triggered when certain options are specified
  while using the opj_decompress utility.  This can lead to an application
  crash or other undefined behavior.

  https://access.redhat.com/security/cve/CVE-2024-56826

- CVE-2024-56827: A flaw was found in the OpenJPEG project.  A heap buffer
  overflow condition may be triggered when certain options are specified
  while using the opj_decompress utility.  This can lead to an application
  crash or other undefined behavior.

  https://access.redhat.com/security/cve/CVE-2024-56827

Release notes: https://github.com/uclouvain/openjpeg/blob/v2.5.3/NEWS.md

Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Signed-off-by: Julien Olivain <ju.o at free.fr>
(cherry picked from commit 3bfa5ebcbf34800367a89b63aa548643e51297b4)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
 package/openjpeg/openjpeg.hash | 2 +-
 package/openjpeg/openjpeg.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/openjpeg/openjpeg.hash b/package/openjpeg/openjpeg.hash
index 1e72054724..1992d5ca6a 100644
--- a/package/openjpeg/openjpeg.hash
+++ b/package/openjpeg/openjpeg.hash
@@ -1,3 +1,3 @@
 # Locally computed:
-sha256  90e3896fed910c376aaf79cdd98bdfdaf98c6472efd8e1debf0a854938cbda6a  openjpeg-2.5.2.tar.gz
+sha256  368fe0468228e767433c9ebdea82ad9d801a3ad1e4234421f352c8b06e7aa707  openjpeg-2.5.3.tar.gz
 sha256  a6af136f3e15038a666b61f376612a07d9a4e48cb7c01adbf3e33b3f14ab49b6  LICENSE
diff --git a/package/openjpeg/openjpeg.mk b/package/openjpeg/openjpeg.mk
index e7cb7505e9..275659cd3c 100644
--- a/package/openjpeg/openjpeg.mk
+++ b/package/openjpeg/openjpeg.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-OPENJPEG_VERSION = 2.5.2
+OPENJPEG_VERSION = 2.5.3
 OPENJPEG_SITE = $(call github,uclouvain,openjpeg,v$(OPENJPEG_VERSION))
 OPENJPEG_LICENSE = BSD-2-Clause
 OPENJPEG_LICENSE_FILES = LICENSE

More information about the buildroot mailing list