[ubuntu/disco-security] openexr 2.2.1-4.1ubuntu0.1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Oct 7 11:14:54 UTC 2019
openexr (2.2.1-4.1ubuntu0.1) disco-security; urgency=medium
* SECURITY UPDATE: Multiple security issues
- debian/patches/CVE-2017-911x-2.patch: address pointer overflows in
IlmImf/ImfScanLineInputFile.cpp, exrenvmap/readInputImage.cpp,
exrmakepreview/makePreview.cpp.
- debian/patches/CVE-2017-911x-3.patch: merge common fixes and move
bounds check to central location in IlmImf/ImfFrameBuffer.h,
IlmImf/ImfHeader.cpp, exrenvmap/readInputImage.cpp,
exrmakepreview/makePreview.cpp, exrmaketiled/Image.h,
exrmultiview/Image.h.
- debian/patches/CVE-2017-911x-4.patch: refactor origin function to a
Slice factory and Rgba custom utility in IlmImf/ImfFrameBuffer.cpp,
IlmImf/ImfFrameBuffer.h, IlmImf/ImfRgbaFile.h,
exrenvmap/readInputImage.cpp, exrmakepreview/makePreview.cpp,
exrmaketiled/Image.h, exrmultiview/Image.h.
- CVE-2017-9111
- CVE-2017-9113
- CVE-2017-9115
- CVE-2018-18444
Date: 2019-10-03 16:29:14.420607+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/openexr/2.2.1-4.1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Disco-changes
mailing list