openexr (2.2.1-4.1ubuntu0.1) disco-security; urgency=medium
* SECURITY UPDATE: Multiple security issues
- debian/patches/CVE-2017-911x-2.patch: address pointer overflows in
IlmImf/ImfScanLineInputFile.cpp, exrenvmap/readInputImage.cpp,
exrmakepreview/makePreview.cpp.
- debian/patches/CVE-2017-911x-3.patch: merge common fixes and move
bounds check to central location in IlmImf/ImfFrameBuffer.h,
IlmImf/ImfHeader.cpp, exrenvmap/readInputImage.cpp,
exrmakepreview/makePreview.cpp, exrmaketiled/Image.h,
exrmultiview/Image.h.
- debian/patches/CVE-2017-911x-4.patch: refactor origin function to a
Slice factory and Rgba custom utility in IlmImf/ImfFrameBuffer.cpp,
IlmImf/ImfFrameBuffer.h, IlmImf/ImfRgbaFile.h,
exrenvmap/readInputImage.cpp, exrmakepreview/makePreview.cpp,
exrmaketiled/Image.h, exrmultiview/Image.h.
- CVE-2017-9111
- CVE-2017-9113
- CVE-2017-9115
- CVE-2018-18444
-- Marc Deslauriers <email address hidden> Wed, 02 Oct 2019 13:01:44 -0400