[ubuntu/bionic-updates] openexr 2.2.0-11.1ubuntu1.7 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Tue Jun 22 11:28:13 UTC 2021
openexr (2.2.0-11.1ubuntu1.7) bionic-security; urgency=medium

  * SECURITY UPDATE: Heap-buffer-overflow in function readChars
    - debian/patches/CVE-2021-3598.patch: verify data size in deepscanlines
      with NO_COMPRESSION in IlmImf/ImfDeepScanLineInputFile.cpp.
    - CVE-2021-3598
  * SECURITY UPDATE: Heap buffer overflow in the rleUncompress function
    - debian/patches/CVE-2021-3605.patch: detect buffer overflows in
      IlmImf/ImfRle.cpp.
    - CVE-2021-3605
  * SECURITY UPDATE: null deref in Dwa decompression
    - debian/patches/CVE-2021-20296.patch: double-check unpackedBuffer
      created in DWA uncompress in IlmImf/ImfDwaCompressor.cpp.
    - CVE-2021-20296
  * SECURITY UPDATE: heap overflow in DwaCompressor
    - debian/patches/CVE-2021-23215-pre1.patch: switch over to use
      compressBound() instead of manually computing headroom for compress()
      in IlmImf/ImfDwaCompressor.cpp.
    - debian/patches/CVE-2021-23215.patch: use size_t for DWA buffersize
      calculation in IlmImf/ImfDwaCompressor.cpp.
    - CVE-2021-23215
  * SECURITY UPDATE: heap overflow in DwaCompressor
    - debian/patches/CVE-2021-26260.patch: prevent int overflow in
      buffersize calculation in IlmImf/ImfDwaCompressor.cpp.
    - CVE-2021-26260

Date: 2021-06-21 17:00:10.690496+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/openexr/2.2.0-11.1ubuntu1.7