Accepted openexr 2.5.4-2 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 18 May 2021 23:26:12 +0200
Source: openexr
Architecture: source
Version: 2.5.4-2
Distribution: unstable
Urgency: high
Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>
Changed-By: Matteo F. Vescovi <mfv@debian.org>
Closes: 988240
Changes:
openexr (2.5.4-2) unstable; urgency=high
.
* debian/patches/: patchset updated
- CVE-2021-23169.diff added (Closes: #988240)
| This patch aims to fix CVE-2021-23169:
| Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer
| The patch applied is a reduced version of the upstream
| commit, given the code base has changed in the meanwhile.
Checksums-Sha1:
6ccc3ce76a9956927dda26871590860a757240f9 2683 openexr_2.5.4-2.dsc
331e4f46fb179329e56c6e2655d429be0c619b48 21884 openexr_2.5.4-2.debian.tar.xz
ebfd615c8404206f50d55973c94fc73457fb0fe1 6009 openexr_2.5.4-2_source.buildinfo
Checksums-Sha256:
e4b4ed56c3edece1c074c8407ec7359c1c9a3e118d1d51aeb6f892f63af88dca 2683 openexr_2.5.4-2.dsc
bfbf60f4716ca6c366f4d51fea3eb10bf731e46e66e49755b8a64faeead9d8ac 21884 openexr_2.5.4-2.debian.tar.xz
72815fe310d20da5549bb3312d26ef2f107ef8143cf5c158a501c830baacb223 6009 openexr_2.5.4-2_source.buildinfo
Files:
4ddaf2bbba97ac690ae6e6695ff7cdca 2683 graphics optional openexr_2.5.4-2.dsc
2912fdcfa09685c30f0be1ffc849f782 21884 graphics optional openexr_2.5.4-2.debian.tar.xz
86f745247914a9286a4f96a3f0dc10ed 6009 graphics optional openexr_2.5.4-2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
Comment: Debian powered!
iQKTBAEBCgB9FiEE890J+NqH0d9QRsmbBhL0lE7NzVoFAmCkMQVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEYz
REQwOUY4REE4N0QxREY1MDQ2Qzk5QjA2MTJGNDk0NEVDRENENUEACgkQBhL0lE7N
zVqaUBAAmhLGqnrERZuhTdoYAJz6j80KU4CUgsU1Dz1SWoXJrpAQVxyeorsiae5f
niIKAnfhzwXkzH+CLZ6sdTpnFsua0+OD5QRZYUkPLBk6ReECw6y/c+zTzC75JMwN
solwWzyldghml64GEmjeXwr++9D0EcUGkXV5A0PMEiTjQLxx1Gr87DciM4YfVa0n
NBdowdRQU7QeDXWnvtD/8H6CjPVI3iC3tb+RpvX8WJ4ocwtUptUotm7OorzNxK1p
UHbLszaI3zNGumRJ7LyXcURfCxuYlXrqyEPkB8PMVMC9EfQu4iJebE+gtkdKSpMJ
p/3EE/1ZB/aYRKL6hQN3jZKMOWgfKfQvF4wI9QTfU4cNblsroV8CEM83z9cafx+o
hJ2RVPprfI11pWGHE9lUCEI5yME1cJ5iHn9/U82wgrW6EQT3yLByVWquDn00S9Fr
sIlVjoLC/Yty86RU8LN+bq+Dl/Oz0IYx8kJRzpj5P1JwCdafl6bjDC/KnzDfRBSs
hKsu3Osswxgzt09cICtfMccdztjMvpvVqjIBOR+Mk/dKrutWbmYSUbHRRtCusrZP
SWL9EG6/gSiq5hOUp09R/IAn7QPfQyXRIUyBYW+mH6m7TK8HWqGALaW9XKH+oRL0
0pADN+bkIv6Nc4U5ntC1onXBA3nMToSaOb4vU4vBVE/S4AtqXUI=
=zKSp
-----END PGP SIGNATURE-----