[ubuntu/focal-security] openexr 2.3.0-6ubuntu0.1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Apr 27 12:08:13 UTC 2020
openexr (2.3.0-6ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: Multiple security issues
- debian/patches/CVE-2020-117xx/*.patch: backported multiple upstream
commits to fix a multitude of issues.
- CVE-2020-11758
- CVE-2020-11759
- CVE-2020-11760
- CVE-2020-11761
- CVE-2020-11762
- CVE-2020-11763
- CVE-2020-11764
- CVE-2020-11765
* SECURITY UPDATE: Multiple security issues
- debian/patches/CVE-2017-911x-2.patch: address pointer overflows in
IlmImf/ImfScanLineInputFile.cpp, exrenvmap/readInputImage.cpp,
exrmakepreview/makePreview.cpp.
- debian/patches/CVE-2017-911x-3.patch: merge common fixes and move
bounds check to central location in IlmImf/ImfFrameBuffer.h,
IlmImf/ImfHeader.cpp, exrenvmap/readInputImage.cpp,
exrmakepreview/makePreview.cpp, exrmaketiled/Image.h,
exrmultiview/Image.h.
- debian/patches/CVE-2017-911x-4.patch: refactor origin function to a
Slice factory and Rgba custom utility in IlmImf/ImfFrameBuffer.cpp,
IlmImf/ImfFrameBuffer.h, IlmImf/ImfRgbaFile.h,
exrenvmap/readInputImage.cpp, exrmakepreview/makePreview.cpp,
exrmaketiled/Image.h, exrmultiview/Image.h.
- CVE-2017-9111
- CVE-2017-9113
- CVE-2017-9115
- CVE-2018-18444
Date: 2020-04-24 13:16:21.283417+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/openexr/2.3.0-6ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list