[ubuntu/xenial-security] openexr 2.2.0-10ubuntu2.4 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Jan 5 13:21:58 UTC 2021
openexr (2.2.0-10ubuntu2.4) xenial-security; urgency=medium
* SECURITY UPDATE: DoS via heap overflow in chunkOffsetReconstruction
- debian/patches/CVE-2020-16587.patch: properly check chunk offset in
IlmImf/ImfMultiPartInputFile.cpp.
- CVE-2020-16587
* SECURITY UPDATE: DoS via null pointer dereference
- debian/patches/CVE-2020-16588.patch: fix logic for 1 pixel high/wide
preview images in exrmakepreview/makePreview.cpp.
- CVE-2020-16588
* SECURITY UPDATE: DoS via heap overflow in writeTileData
- debian/patches/CVE-2020-16589.patch: validate tile coordinates when
doing copyPixels in IlmImf/ImfTiledInputFile.cpp.
- CVE-2020-16589
Date: 2020-12-11 14:14:24.853544+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/openexr/2.2.0-10ubuntu2.4
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list