[ubuntu/focal-security] openexr 2.3.0-6ubuntu0.3 (Accepted)

[Marc Deslauriers]

openexr (2.3.0-6ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via heap overflow in chunkOffsetReconstruction
    - debian/patches/CVE-2020-16587.patch: properly check chunk offset in
      IlmImf/ImfMultiPartInputFile.cpp.
    - CVE-2020-16587
  * SECURITY UPDATE: DoS via null pointer dereference
    - debian/patches/CVE-2020-16588.patch: fix logic for 1 pixel high/wide
      preview images in exrmakepreview/makePreview.cpp.
    - CVE-2020-16588
  * SECURITY UPDATE: DoS via heap overflow in writeTileData
    - debian/patches/CVE-2020-16589.patch: validate tile coordinates when
      doing copyPixels in IlmImf/ImfTiledInputFile.cpp.
    - CVE-2020-16589

Date: 2020-12-11 14:13:13.472974+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/openexr/2.3.0-6ubuntu0.3
-------------- next part --------------
Sorry, changesfile not available.