[ubuntu/groovy-proposed] openexr 2.3.0-6ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Jun 30 18:24:15 UTC 2020


openexr (2.3.0-6ubuntu1) groovy; urgency=medium

  * SECURITY UPDATE: use-after-free in DeepScanLineInputFile
    - debian/patches/CVE-2020-15305.patch: add missing throw in
      deepscanline error handling in IlmImf/ImfDeepScanLineInputFile.cpp.
    - CVE-2020-15305
  * SECURITY UPDATE: heap buffer overflow in getChunkOffsetTableSize()
    - debian/patches/CVE-2020-15306.patch: always ignore chunkCount
      attribute unless it cannot be computed in
      IlmImf/ImfDeepTiledOutputFile.cpp, IlmImf/ImfMisc.cpp,
      IlmImf/ImfMisc.h, IlmImf/ImfMultiPartInputFile.cpp,
      IlmImf/ImfMultiPartOutputFile.cpp.
    - CVE-2020-15306

Date: Tue, 30 Jun 2020 13:24:21 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openexr/2.3.0-6ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 30 Jun 2020 13:24:21 -0400
Source: openexr
Architecture: source
Version: 2.3.0-6ubuntu1
Distribution: groovy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 openexr (2.3.0-6ubuntu1) groovy; urgency=medium
 .
   * SECURITY UPDATE: use-after-free in DeepScanLineInputFile
     - debian/patches/CVE-2020-15305.patch: add missing throw in
       deepscanline error handling in IlmImf/ImfDeepScanLineInputFile.cpp.
     - CVE-2020-15305
   * SECURITY UPDATE: heap buffer overflow in getChunkOffsetTableSize()
     - debian/patches/CVE-2020-15306.patch: always ignore chunkCount
       attribute unless it cannot be computed in
       IlmImf/ImfDeepTiledOutputFile.cpp, IlmImf/ImfMisc.cpp,
       IlmImf/ImfMisc.h, IlmImf/ImfMultiPartInputFile.cpp,
       IlmImf/ImfMultiPartOutputFile.cpp.
     - CVE-2020-15306
Checksums-Sha1:
 1836e66c66fc0b1fa77c8267322061f79e0f94eb 2630 openexr_2.3.0-6ubuntu1.dsc
 b3c169014a522af0c5250aaf9631ffd94ccc4620 33684 openexr_2.3.0-6ubuntu1.debian.tar.xz
 c8195a01d46fdc4759080a1dd4aaf92f52c999a2 5856 openexr_2.3.0-6ubuntu1_source.buildinfo
Checksums-Sha256:
 b472f9871435ce5d4f60d4e2fd22aea47806f5471d9aac6cf21e5f06ea5f846c 2630 openexr_2.3.0-6ubuntu1.dsc
 a8f7210fdaad28b8c97c3c1d32cfa6602682af9737381f52b505310f20e942c7 33684 openexr_2.3.0-6ubuntu1.debian.tar.xz
 34e27d37e0bdb809f2ffc51f71af9f45d009be69df4288d68ba3d007690ad6ea 5856 openexr_2.3.0-6ubuntu1_source.buildinfo
Files:
 a9bdb0190e637b98e7f8dddc84281786 2630 graphics optional openexr_2.3.0-6ubuntu1.dsc
 b0537b839dcb50a2df99dceb52c26999 33684 graphics optional openexr_2.3.0-6ubuntu1.debian.tar.xz
 ceb495b911473a4a583595867672ebb1 5856 graphics optional openexr_2.3.0-6ubuntu1_source.buildinfo
Original-Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel at lists.alioth.debian.org>


