Accepted openexr 2.5.4-2+deb11u1 (source) into proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted openexr 2.5.4-2+deb11u1 (source) into proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sat, 10 Dec 2022 19:17:13 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: openexr_2.5.4-2+deb11u1_source.changes
- Debian-source: openexr
- Debian-suite: proposed-updates
- Debian-version: 2.5.4-2+deb11u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=tvgbK6BV3yG6MYKSN4oOeaEEvb5YP6nNq60I0BRq0CI=; b=e7IrcB/8v7wg+YYF/D4YYjUIV+ lwtDmNZR2EGDZffKEhnbvWkwLbRjiujk6F8qJFHLAiwhEN6QU/OwuWdxRA6XjqIlJlKl+fTQc1c3I HZZECPZR8sf/twnZYpPJgHjuMUMtxVLedSonjOSLV3Xudqqkfe3peD01mmPcleeVHC3251x65y87c ZUA4zbwTiUB9IHo47UOxiQ1trnOeIRbha6xukFxZIV9FeHl/ox4gLNOHKvCBIgZSFcX6w20GTvP0F I59rMC4KplkBlTiJgHzFTPEsFBxhJP2sEU2pZVGzgqXK1h9IHqXkb+6bMx9jJx31yA3USkZCX7LXs 3LZUyNHg==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1p45LV-004ReM-PQ@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 10 Dec 2022 15:03:52 CET
Source: openexr
Architecture: source
Version: 2.5.4-2+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
5e02983d0c476b13a5813ca3cbe07429d9862359 2467 openexr_2.5.4-2+deb11u1.dsc
13a75bed4e3bfc10ff1304599b8de3613844971b 27535491 openexr_2.5.4.orig.tar.gz
23b0c22a137c3d9dc2ccf99edcf62b4b45173605 25788 openexr_2.5.4-2+deb11u1.debian.tar.xz
ddb131a8c56e364b77b28ba24dc6c4ccb3bbfef8 8662 openexr_2.5.4-2+deb11u1_amd64.buildinfo
Checksums-Sha256:
2807eaffae0d6ffde4e5414bfdf3fb89c2216b46dda5d9e4daefd14236bec3c5 2467 openexr_2.5.4-2+deb11u1.dsc
dba19e9c6720c6f64fbc8b9d1867eaa75da6438109b941eefdc75ed141b6576d 27535491 openexr_2.5.4.orig.tar.gz
83fba965ff63da0ba233b7cf7aca946e25b43ce15b8653b52291f07ce081bc1b 25788 openexr_2.5.4-2+deb11u1.debian.tar.xz
800b8a4e611d6fa9da4c3d02cfa47822bc8537553deea55ca68ff446c55ea003 8662 openexr_2.5.4-2+deb11u1_amd64.buildinfo
Closes: 990450 990899 992703 1014828
Changes:
openexr (2.5.4-2+deb11u1) bullseye-security; urgency=high
.
* Non-maintainer upload.
* Fix CVE-2021-3598, CVE-2021-3605, CVE-2021-3933, CVE-2021-3941,
CVE-2021-23215, CVE-2021-26260 and CVE-2021-45942.
Multiple security vulnerabilities have been found in OpenEXR, command-line
tools and a library for the OpenEXR image format. Buffer overflows or
out-of-bound reads could lead to a denial of service (application crash) if
a malformed image file is processed.
(Closes: #992703, #990450, #990899, #1014828, #1014828)
Files:
992773b63b8311e663418af41ab15609 2467 graphics optional openexr_2.5.4-2+deb11u1.dsc
e84577f884f05f7432b235432dfec455 27535491 graphics optional openexr_2.5.4.orig.tar.gz
98e9c23b8a1015c2541d283eead967ec 25788 graphics optional openexr_2.5.4-2+deb11u1.debian.tar.xz
2d8e495ef3a9b17b78dcb6000802b8ac 8662 graphics optional openexr_2.5.4-2+deb11u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmOUkc5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkY/IQALcxDCQOzT3U85D7EM1osUTjmhx3XppUhPFc
sLNsXYFNdHWZYlwdeRRkRMVcYfpIRx5HiIORK78JRGGMGhoWIpYidnpYm9DapZfb
tywRnMEvQeqOoKs144yvHq3orsMyIp9YrYZsN659xU1ftlfyJmCrucpIO0VE+Cv6
cwixGcvIODFBhqMf4Q7hIOitPbM45QR4m/fX72LuEgkn3JTVudx/UaD6PaLC1+0p
qFC7D67Z6iINrnCAWeLAShlTEi+HS0HXL4lquQnfTHRQn0gUEpn79Ut6yyG0Ak3g
DOiyVbnsRg2FD3gf7TYcO4YMs0EA4XQCm9pAXnJ8xd4pnSL8qKGR/vJRgMYnRJrT
lT/PvZn7YfhnBYfuggCJJSp7h/+5mX8+XfDPe0t7IXO5s6Xm1AI/jr75bV7l0DVs
7CN3OvXBVWf7RdwAEMMsBP6bM2XPaYc7ufCJyGoHNUMHfKDlJ1xrXNsLZNGh7DpH
8iS8yvYjyvNq/cTq73Ztm53UAPyxLRToGxg6D7jmUTYyr+ZuPYCh5wEwbMGHWojy
S7vLQXpY8Z9Sc9V7XY8V7MQDsWqrBiKTHFhO4LZ7WMxqhgpw4GwvBiTtbaVf5rSS
UswFngAj6RL4rFGw3MesiVfaL0bTyZyFcUQ/XJ5JySsmkyVhpvxpP/gqgzqvk35O
5xrzzVLQ
=Kw3W
-----END PGP SIGNATURE-----