openexr 2.5.3-2ubuntu0.2 source package in Ubuntu
Changelog
openexr (2.5.3-2ubuntu0.2) groovy-security; urgency=medium
* SECURITY UPDATE: shift overflow in FastHufDecoder
- debian/patches/CVE-2021-3474.patch: compute Huf codelengths using 64
bit to prevent shift overflow in OpenEXR/IlmImf/ImfFastHuf.cpp.
- CVE-2021-3474
* SECURITY UPDATE: integer overflow in calculateNumTiles
- debian/patches/CVE-2021-3475.patch: compute level size with 64 bits
to avoid overflow in OpenEXR/IlmImf/ImfTiledMisc.cpp.
- CVE-2021-3475
* SECURITY UPDATE: shift overflows
- debian/patches/CVE-2021-3476.patch: ignore unused bits in B44 mode
detection in OpenEXR/IlmImf/ImfB44Compressor.cpp.
- CVE-2021-3476
* SECURITY UPDATE: out-of-bounds read via deep tile sample size
- debian/patches/CVE-2021-3477.patch: fix overflow computing deeptile
sample table size in OpenEXR/IlmImf/ImfDeepTiledInputFile.cpp.
- CVE-2021-3477
* SECURITY UPDATE: memory consumption via input file
- debian/patches/CVE-2021-3478-pre1.patch: reduce size limit for
scanline files; prevent large chunkoffset allocations in
OpenEXR/IlmImf/ImfCompressor.cpp, OpenEXR/IlmImf/ImfCompressor.h,
OpenEXR/IlmImf/ImfMisc.cpp, OpenEXR/IlmImf/ImfMisc.h,
OpenEXR/IlmImf/ImfMultiPartInputFile.cpp,
OpenEXR/IlmImf/ImfScanLineInputFile.cpp.
- debian/patches/CVE-2021-3478.patch: sanity check ScanlineInput
bytesPerLine instead of lineOffset size in
OpenEXR/IlmImf/ImfScanLineInputFile.cpp.
- CVE-2021-3478
* SECURITY UPDATE: memory consumption in scanline API
- debian/patches/CVE-2021-3479-pre1.patch: address issues reported by
Undefined Behavior Sanitizer in OpenEXR/IlmImf/ImfInputFile.cpp.
- debian/patches/CVE-2021-3479.patch: more efficient handling of filled
channels reading tiles with scanline API in
OpenEXR/IlmImf/ImfInputFile.cpp,
OpenEXR/IlmImfTest/testScanLineApi.cpp.
- CVE-2021-3479
-- Marc Deslauriers <email address hidden> Thu, 01 Apr 2021 08:47:09 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Groovy
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- graphics
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| openexr_2.5.3.orig.tar.gz | 26.3 MiB | 6a6525e6e3907715c6a55887716d7e42d09b54d2457323fcee35a0376960bebf |
| openexr_2.5.3.orig.tar.gz.asc | 287 bytes | a2c4ac5151789903ca8ab3093a2798491463ccf2abfd003a20f96453e505dd5f |
| openexr_2.5.3-2ubuntu0.2.debian.tar.xz | 28.1 KiB | 7687bd1bf0f05d700ca559300e5f1a317be79d6f4b2f926c2a08d1d30bb72e47 |
| openexr_2.5.3-2ubuntu0.2.dsc | 2.6 KiB | f794ed868a33a487186103eb89f230aea84bf43a4587c4838884afe57f1d4c04 |
Available diffs
Binary packages built by this source
- libopenexr-dev: No summary available for libopenexr-dev in ubuntu groovy.
No description available for libopenexr-dev in ubuntu groovy.
- libopenexr25: No summary available for libopenexr25 in ubuntu groovy.
No description available for libopenexr25 in ubuntu groovy.
- libopenexr25-dbgsym: No summary available for libopenexr25-dbgsym in ubuntu groovy.
No description available for libopenexr25-dbgsym in ubuntu groovy.
- openexr: No summary available for openexr in ubuntu groovy.
No description available for openexr in ubuntu groovy.
- openexr-dbgsym: No summary available for openexr-dbgsym in ubuntu groovy.
No description available for openexr-dbgsym in ubuntu groovy.
- openexr-doc: No summary available for openexr-doc in ubuntu groovy.
No description available for openexr-doc in ubuntu groovy.
