Format: 1.8
Date: Thu, 01 Apr 2021 08:47:09 -0400
Source: openexr
Binary: openexr openexr-doc libopenexr-dev libopenexr22
Architecture: arm64
Version: 2.2.0-11.1ubuntu1.6
Distribution: bionic
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 libopenexr-dev - development files for the OpenEXR image library
 libopenexr22 - runtime files for the OpenEXR image library
 openexr - command-line tools for the OpenEXR image format
 openexr-doc - documentation and examples for the OpenEXR image format
Changes:
 openexr (2.2.0-11.1ubuntu1.6) bionic-security; urgency=medium
 .
   * SECURITY UPDATE: shift overflow in FastHufDecoder
     - debian/patches/CVE-2021-3474.patch: compute Huf codelengths using
       64 bit to prevent shift overflow in IlmImf/ImfFastHuf.cpp.
     - CVE-2021-3474
   * SECURITY UPDATE: integer overflow in calculateNumTiles
     - debian/patches/CVE-2021-3475.patch: compute level size with 64 bits
       to avoid overflow in IlmImf/ImfTiledMisc.cpp.
     - CVE-2021-3475
   * SECURITY UPDATE: shift overflows
     - debian/patches/CVE-2021-3476.patch: ignore unused bits in B44 mode
       detection in IlmImf/ImfB44Compressor.cpp.
     - CVE-2021-3476
   * SECURITY UPDATE: out-of-bounds read via deep tile sample size
     - debian/patches/CVE-2021-3477.patch: fix overflow computing deeptile
       sample table size in IlmImf/ImfDeepTiledInputFile.cpp.
     - CVE-2021-3477
   * SECURITY UPDATE: memory consumption via input file
     - debian/patches/CVE-2021-3478-pre1.patch: reduce size limit for
       scanline files; prevent large chunkoffset allocations in
       IlmImf/ImfCompressor.cpp, IlmImf/ImfCompressor.h,
       IlmImf/ImfMisc.cpp, IlmImf/ImfMultiPartInputFile.cpp,
       IlmImf/ImfScanLineInputFile.cpp.
     - debian/patches/CVE-2021-3478.patch: sanity check ScanlineInput
       bytesPerLine instead of lineOffset size in
       IlmImf/ImfScanLineInputFile.cpp.
     - CVE-2021-3478
   * SECURITY UPDATE: memory consumption in scanline API
     - debian/patches/CVE-2021-3479-pre1.patch: address issues reported by
       Undefined Behavior Sanitizer in IlmImf/ImfInputFile.cpp.
     - debian/patches/CVE-2021-3479.patch: more efficient handling of
       filled channels reading tiles with scanline API in
       IlmImf/ImfInputFile.cpp, IlmImfTest/testScanLineApi.cpp.
     - CVE-2021-3479
Original-Maintainer: Debian PhotoTools Maintainers