-
openexr (3.1.5-4) unstable; urgency=medium
* d/control: Add missing zlib1g-dev dependency. Closes: #1017516
* d/control: Run wrap-and-sort
* d/control: Bump Std-Vers to 4.6.1 no changes needed
-- Mathieu Malaterre <email address hidden> Wed, 17 Aug 2022 12:44:50 +0200
-
openexr (3.1.5-3) unstable; urgency=medium
* d/control: Add missing Breaks/Replaces on libilmbase-dev. Closes: #1009308
-- Mathieu Malaterre <email address hidden> Wed, 17 Aug 2022 09:32:51 +0200
-
openexr (3.1.5-2) unstable; urgency=medium
* Upload to unstable.
-- Mathieu Malaterre <email address hidden> Tue, 16 Aug 2022 18:52:29 +0200
-
openexr (2.5.7-1) unstable; urgency=medium
* New upstream release
- debian/control: bump libilmbase-dev version
- debian/patches/series: drop CVE-2021-23169.diff
(applied upstream)
This release addresses following security issues:
+ CVE-2021-26260 and CVE-2021-23215
| An integer overflow leading to a heap-buffer overflow
| was found in the DwaCompressor of OpenEXR in versions
| before 3.0.1. An attacker could use this flaw to crash
| an application compiled with OpenEXR.
+ CVE-2021-3605 and CVE-2021-3598
| There's a flaw in OpenEXR's rleUncompress functionality
| in versions prior to 3.0.5. An attacker who is able to
| submit a crafted file to an application linked with
| OpenEXR could cause an out-of-bounds read.
| The greatest risk from this flaw is to application
| availability.
* debian/watch: change path and narrow down search
-- Matteo F. Vescovi <email address hidden> Sat, 28 Aug 2021 22:20:22 +0200