Change logs for openexr source package in Eoan

  • openexr (2.2.1-4.1ubuntu1.2) eoan-security; urgency=medium
    
      * SECURITY UPDATE: use-after-free in DeepScanLineInputFile
        - debian/patches/CVE-2020-15305.patch: add missing throw in
          deepscanline error handling in IlmImf/ImfDeepScanLineInputFile.cpp.
        - CVE-2020-15305
      * SECURITY UPDATE: heap buffer overflow in getChunkOffsetTableSize()
        - debian/patches/CVE-2020-15306.patch: always ignore chunkCount
          attribute unless it cannot be computed in
          IlmImf/ImfDeepTiledOutputFile.cpp, IlmImf/ImfMisc.cpp,
          IlmImf/ImfMisc.h, IlmImf/ImfMultiPartInputFile.cpp,
          IlmImf/ImfMultiPartOutputFile.cpp.
        - CVE-2020-15306
    
     -- Marc Deslauriers <email address hidden>  Tue, 30 Jun 2020 14:23:38 -0400
  • openexr (2.2.1-4.1ubuntu1.1) eoan-security; urgency=medium
    
      * SECURITY UPDATE: Multiple security issues
        - debian/patches/CVE-2020-117xx/*.patch: backported multiple upstream
          commits to fix a multitude of issues.
        - CVE-2020-11758
        - CVE-2020-11759
        - CVE-2020-11760
        - CVE-2020-11761
        - CVE-2020-11762
        - CVE-2020-11763
        - CVE-2020-11764
        - CVE-2020-11765
    
     -- Marc Deslauriers <email address hidden>  Thu, 23 Apr 2020 15:25:33 -0400
  • openexr (2.2.1-4.1ubuntu1) eoan; urgency=medium
    
      * SECURITY UPDATE: Multiple security issues
        - debian/patches/CVE-2017-911x-2.patch: address pointer overflows in
          IlmImf/ImfScanLineInputFile.cpp, exrenvmap/readInputImage.cpp,
          exrmakepreview/makePreview.cpp.
        - debian/patches/CVE-2017-911x-3.patch: merge common fixes and move
          bounds check to central location in IlmImf/ImfFrameBuffer.h,
          IlmImf/ImfHeader.cpp, exrenvmap/readInputImage.cpp,
          exrmakepreview/makePreview.cpp, exrmaketiled/Image.h,
          exrmultiview/Image.h.
        - debian/patches/CVE-2017-911x-4.patch: refactor origin function to a
          Slice factory and Rgba custom utility in IlmImf/ImfFrameBuffer.cpp,
          IlmImf/ImfFrameBuffer.h, IlmImf/ImfRgbaFile.h,
          exrenvmap/readInputImage.cpp, exrmakepreview/makePreview.cpp,
          exrmaketiled/Image.h, exrmultiview/Image.h.
        - CVE-2017-9111
        - CVE-2017-9113
        - CVE-2017-9115
        - CVE-2018-18444
    
     -- Marc Deslauriers <email address hidden>  Wed, 02 Oct 2019 13:01:44 -0400
  • openexr (2.2.1-4.1) unstable; urgency=medium
    
      * Non-maintainer upload.
      * bug909865.patch: Add -ffloat-store when compiling tests, to fix test
        failures on i386. Patch backported from experimental. (Closes: #909865)
    
     -- Steinar H. Gunderson <email address hidden>  Wed, 20 Mar 2019 22:40:43 +0100