[ubuntu/xenial-security] openexr 2.2.0-10ubuntu2.1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Oct 7 11:14:51 UTC 2019
openexr (2.2.0-10ubuntu2.1) xenial-security; urgency=medium
* SECURITY UPDATE: Multiple security issues
- debian/patches/CVE-2017-911x.patch: add additional input validation
in IlmImf/ImfDwaCompressor.cpp, IlmImf/ImfHuf.cpp,
IlmImf/ImfPizCompressor.cpp.
- debian/patches/CVE-2017-911x-2.patch: address pointer overflows in
IlmImf/ImfScanLineInputFile.cpp, exrenvmap/readInputImage.cpp,
exrmakepreview/makePreview.cpp.
- debian/patches/CVE-2017-911x-3.patch: merge common fixes and move
bounds check to central location in IlmImf/ImfFrameBuffer.h,
IlmImf/ImfHeader.cpp, exrenvmap/readInputImage.cpp,
exrmakepreview/makePreview.cpp, exrmaketiled/Image.h,
exrmultiview/Image.h.
- debian/patches/CVE-2017-911x-4.patch: refactor origin function to a
Slice factory and Rgba custom utility in IlmImf/ImfFrameBuffer.cpp,
IlmImf/ImfFrameBuffer.h, IlmImf/ImfRgbaFile.h,
exrenvmap/readInputImage.cpp, exrmakepreview/makePreview.cpp,
exrmaketiled/Image.h, exrmultiview/Image.h.
- CVE-2017-9110
- CVE-2017-9111
- CVE-2017-9112
- CVE-2017-9113
- CVE-2017-9115
- CVE-2017-9116
- CVE-2017-12596
- CVE-2018-18444
Date: 2019-10-03 15:40:16.084657+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/openexr/2.2.0-10ubuntu2.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list