Back to openexr PTS page

Accepted openexr 2.5.0-1 (source) into experimental

To: debian-experimental-changes@lists.debian.org, debian-devel-changes@lists.debian.org
Subject: Accepted openexr 2.5.0-1 (source) into experimental
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Mon, 11 May 2020 15:05:45 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1jYA01-000G5L-23@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 11 May 2020 16:33:24 +0200
Source: openexr
Architecture: source
Version: 2.5.0-1
Distribution: experimental
Urgency: medium
Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>
Changed-By: Matteo F. Vescovi <mfv@debian.org>
Changes:
 openexr (2.5.0-1) experimental; urgency=medium
 .
   * New upstream release, fixing following security issues:
     + CVE-2020-11758:
     | An issue was discovered in OpenEXR before 2.4.1. There is an out-of-
     | bounds read in ImfOptimizedPixelReading.h.
     + CVE-2020-11759:
     | An issue was discovered in OpenEXR before 2.4.1. Because of integer
     | overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and
     | readSampleCountForLineBlock, an attacker can write to an out-of-bounds
     | pointer.
     + CVE-2020-11760:
     | An issue was discovered in OpenEXR before 2.4.1. There is an out-of-
     | bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.
     + CVE-2020-11761:
     | An issue was discovered in OpenEXR before 2.4.1. There is an out-of-
     | bounds read during Huffman uncompression, as demonstrated by
     | FastHufDecoder::refill in ImfFastHuf.cpp.
     + CVE-2020-11762:
     | An issue was discovered in OpenEXR before 2.4.1. There is an out-of-
     | bounds read and write in DwaCompressor::uncompress in
     | ImfDwaCompressor.cpp when handling the UNKNOWN compression case.
     + CVE-2020-11763:
     | An issue was discovered in OpenEXR before 2.4.1. There is an
     | std::vector out-of-bounds read and write, as demonstrated by
     | ImfTileOffsets.cpp.
     + CVE-2020-11764:
     | An issue was discovered in OpenEXR before 2.4.1. There is an out-of-
     | bounds write in copyIntoFrameBuffer in ImfMisc.cpp.
     + CVE-2020-11765:
     | An issue was discovered in OpenEXR before 2.4.1. There is an off-by-
     | one error in use of the ImfXdr.h read function by
     | DwaCompressor::Classifier::Classifier, leading to an out-of-bounds
     | read.
   * debian/watch: upstream URL updated
   * debian/control:
     - S-V bump 4.4.0 -> 4.5.0 (no changes needed)
     - RRR set
     - debhelper bump 12 -> 13
     - cmake b-dep added
   * debian/patches/: patchset refreshed against v2.5.0
   * debian/copyright: entries updated and refreshed
   * debian/libopenexr-dev.install: useless files dropped
   * debian/libopenexr-dev.dirs: useless file dropped
   * debian/openexr-doc.docs: installation path updated
   * debian/openexr.install: executables path updated
   * debian/libopenexr-dev.install: cmake helpers added
   * debian/openexr-doc.examples: installation paths updated
Checksums-Sha1:
 6db8db2086c31bc83f0ba537e9c59b1af85e2d90 2685 openexr_2.5.0-1.dsc
 b02c5692e311e2a1050b836b4dc80d673e78343b 27669441 openexr_2.5.0.orig.tar.gz
 6f997712a29713d935524f191b45326308e7cb06 287 openexr_2.5.0.orig.tar.gz.asc
 aee12aa1bf6d6e63dc5df128b6b2aa76c5394046 21296 openexr_2.5.0-1.debian.tar.xz
 3629b68262ec718e9af77e8a43c796c13989b360 5610 openexr_2.5.0-1_source.buildinfo
Checksums-Sha256:
 de57f59eaab4161d99478c2ba2c4548254fb58fece80b50c0a65e797a1458ea1 2685 openexr_2.5.0-1.dsc
 74b04aa4026c16675d235a107fe48ee17486dbaafe14c5fb34755f311a715412 27669441 openexr_2.5.0.orig.tar.gz
 5e1eb79671cac79d5142fd50757740b133b614ab23732992c617a47088ad3aa9 287 openexr_2.5.0.orig.tar.gz.asc
 7500fa1191482d601ce92bdc165f4fc71ee843864bd12650155ea94d1382caea 21296 openexr_2.5.0-1.debian.tar.xz
 7fb4e395cb1c82b7bf6575fdb28b5d7f468babb4b324f9e17267d025923998b8 5610 openexr_2.5.0-1_source.buildinfo
Files:
 e705a5cf2695fbd02ef98971b323772c 2685 graphics optional openexr_2.5.0-1.dsc
 73e8cb1dee761d2fc989216a975ee48c 27669441 graphics optional openexr_2.5.0.orig.tar.gz
 a9926f44ddb10ee2d9acb2558f9d7ae4 287 graphics optional openexr_2.5.0.orig.tar.gz.asc
 4038e17a3dfa79ab2110362ab9d81781 21296 graphics optional openexr_2.5.0-1.debian.tar.xz
 6cc21acc2ad1bb0eabc21178bcba624b 5610 graphics optional openexr_2.5.0-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----
Comment: Debian powered!

iQKTBAEBCgB9FiEE890J+NqH0d9QRsmbBhL0lE7NzVoFAl65Yo1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEYz
REQwOUY4REE4N0QxREY1MDQ2Qzk5QjA2MTJGNDk0NEVDRENENUEACgkQBhL0lE7N
zVpojw//YF+bdkOKb9fP8oiGlvl8WTbq3gdEXHl6Us5XoT9hRr++WRGXWtnv+ADL
vVFltZg8BEklC9zkbFnzWwAh8vVxHbjYu4wN7DIZBbsRvjMgvpB7B2/n40zmqHA4
iOR2TB+fC17GRciWMHfqVMGlJQrmBJZTU4mWo0okZp3TR2OwknoHT3gqMeJQD5EG
mYH/ny25f3W1evHb+WPsmACoT5Ld89hJnRcLbe5VFBbdMXmgURWfGe3sciQyUVaw
JNX+nvvfCwXgAOHuADKqTijze1hzmO3FFw2LwocsDzbvMXs3nitfFSiCd/Nkllnx
Pgm/XvW5mcByJQMfPLe5OPmawTz/FXNz39p4PNwXzmLM7pov6Cl/sGJZ7TaxHmoL
iZ1ULyf45sMJ3PBEpHaC77sUNEEH3HdFXVWZfLKEjh89NPg/YBhROyUA+Mk6gUux
LWqnEPsNpGJm40+2gtqzBNkbslDTtR0uoVuO/wwyKzhurC6Mpac74WBePeSvlL+r
OeqcH4jLtso+hXdQEf1O6fSCIbaj9vmHT92dXBFmWessgSqp05GA9cWWXCU6uWza
ltCYYchWNISPlF2a9JD1KiydhobpmW96oSIroWgg23r8jGhhCI9umpShmTI2JES8
N2fYWGUVkE1zi9zi+cyofXZwiys44z1DIEerH9ot3RCueWtSqck=
=sXRE
-----END PGP SIGNATURE-----