[Bug 484384] [NEW] Sync openexr 1.6.1-4.1 (main) from Debian testing (main)

[Loïc Minier]

Public bug reported:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 affects ubuntu/openexr
 status confirmed
 importance wishlist
 subscribe ubuntu-archive
 done

Please sync openexr 1.6.1-4.1 (main) from Debian testing (main)

Explanation of the Ubuntu delta and why it can be dropped:
Security patches were merged in unstable and the hppa testsuite workaround is
not needed anymore since we don't support hppa in lucid anyway and it's only
for older hppa kernels on buildds -- not truly a source problem.

Changelog entries since current lucid version 1.6.1-4ubuntu3:

openexr (1.6.1-4.1) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fixed CVE-2009-1720: Integer overflows in Imf::PreviewImage::PreviewImage
    and integer overflows in compressor constructors
  * Fixed CVE-2009-1721: uninitialized pointers in Imf::hufUncompress
  * Patch stolen from stable-security, thanks to Cyril Brulebois
    (Closes: #550424)

 -- Giuseppe Iuculano <iuculano at debian.org>  Wed, 21 Oct 2009 23:54:35
+0200

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAksC770ACgkQ4VUX8isJIMB0pgCgjjdDpG6r1Z5ZJT6//gTJXxIf
IKkAnjvhnFqpayO2tLAcjqAT90Qj4wGP
=CtUS
-----END PGP SIGNATURE-----


-- 
Loïc Minier

** Affects: openexr (Ubuntu)
     Importance: Wishlist
         Status: Confirmed

-- 
Sync openexr 1.6.1-4.1 (main) from Debian testing (main)
https://bugs.launchpad.net/bugs/484384
You received this bug notification because you are a member of Ubuntu
Package Archive Administrators, which is a direct subscriber.