Format: 1.8 Date: Thu, 01 Apr 2021 08:47:09 -0400 Source: openexr Binary: openexr openexr-doc libopenexr-dev libopenexr22 Architecture: s390x Version: 2.2.0-10ubuntu2.6 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libopenexr-dev - development files for the OpenEXR image library libopenexr22 - runtime files for the OpenEXR image library openexr - command-line tools for the OpenEXR image format openexr-doc - documentation and examples for the OpenEXR image format Changes: openexr (2.2.0-10ubuntu2.6) xenial-security; urgency=medium . * SECURITY UPDATE: shift overflow in FastHufDecoder - debian/patches/CVE-2021-3474.patch: compute Huf codelengths using 64 bit to prevent shift overflow in IlmImf/ImfFastHuf.cpp. - CVE-2021-3474 * SECURITY UPDATE: integer overflow in calculateNumTiles - debian/patches/CVE-2021-3475.patch: compute level size with 64 bits to avoid overflow in IlmImf/ImfTiledMisc.cpp. - CVE-2021-3475 * SECURITY UPDATE: shift overflows - debian/patches/CVE-2021-3476.patch: ignore unused bits in B44 mode detection in IlmImf/ImfB44Compressor.cpp. - CVE-2021-3476 * SECURITY UPDATE: out-of-bounds read via deep tile sample size - debian/patches/CVE-2021-3477.patch: fix overflow computing deeptile sample table size in IlmImf/ImfDeepTiledInputFile.cpp. - CVE-2021-3477 * SECURITY UPDATE: memory consumption via input file - debian/patches/CVE-2021-3478-pre1.patch: reduce size limit for scanline files; prevent large chunkoffset allocations in IlmImf/ImfCompressor.cpp, IlmImf/ImfCompressor.h, IlmImf/ImfMisc.cpp, IlmImf/ImfMultiPartInputFile.cpp, IlmImf/ImfScanLineInputFile.cpp. - debian/patches/CVE-2021-3478.patch: sanity check ScanlineInput bytesPerLine instead of lineOffset size in IlmImf/ImfScanLineInputFile.cpp. - CVE-2021-3478 * SECURITY UPDATE: memory consumption in scanline API - debian/patches/CVE-2021-3479-pre1.patch: address issues reported by Undefined Behavior Sanitizer in IlmImf/ImfInputFile.cpp. - debian/patches/CVE-2021-3479.patch: more efficient handling of filled channels reading tiles with scanline API in IlmImf/ImfInputFile.cpp, IlmImfTest/testScanLineApi.cpp. - CVE-2021-3479 Checksums-Sha1: ea7157b1fcb017d33fe70f495dc3475375a293c2 697516 libopenexr-dev_2.2.0-10ubuntu2.6_s390x.deb e4fba785589a90933dd7b1c1f1a30fd927c77a37 2192406 libopenexr22-dbgsym_2.2.0-10ubuntu2.6_s390x.ddeb 82406cf58e00fc1ecbe1dd74c370ff4df47f3579 587482 libopenexr22_2.2.0-10ubuntu2.6_s390x.deb 5c6cc8aacd61174fdffc25f8f2e2a851575c2c70 391790 openexr-dbgsym_2.2.0-10ubuntu2.6_s390x.ddeb 39f5dd19eda5b07a7eab7fbaf9a66240330698b8 63248 openexr_2.2.0-10ubuntu2.6_s390x.deb Checksums-Sha256: d31624b6b4a4dda380f494326402dff25831fc058f60afa433c1402e57f7d2aa 697516 libopenexr-dev_2.2.0-10ubuntu2.6_s390x.deb 64d6d6e0b054553a728ad20cf09102fbc2898d94526174fa44a93b18b950d22f 2192406 libopenexr22-dbgsym_2.2.0-10ubuntu2.6_s390x.ddeb ff1f14014b6104ef46f56b56ce93fb3ff413c271f7215bfa722a94b03f1c1c1f 587482 libopenexr22_2.2.0-10ubuntu2.6_s390x.deb d3dbba95114619ab50ccc8d59dffc5022a30f7998d718f853c754a4839af2579 391790 openexr-dbgsym_2.2.0-10ubuntu2.6_s390x.ddeb b05a0396cb8b986b95f04ec78d97fa1f4296a068b11810f537f05efbb5ab036c 63248 openexr_2.2.0-10ubuntu2.6_s390x.deb Files: 662feb505c98051b45540a3af9f67a49 697516 libdevel optional libopenexr-dev_2.2.0-10ubuntu2.6_s390x.deb 94d68d799b62aa13716b4e2d8ce9ad5f 2192406 libs extra libopenexr22-dbgsym_2.2.0-10ubuntu2.6_s390x.ddeb 9068759e800abce87cdf06dbb375fc00 587482 libs optional libopenexr22_2.2.0-10ubuntu2.6_s390x.deb a1c41f3365abdbac1ccdba89597596f4 391790 graphics extra openexr-dbgsym_2.2.0-10ubuntu2.6_s390x.ddeb 7a7b0aa9d5ab73b7ce45eb36d1598597 63248 graphics optional openexr_2.2.0-10ubuntu2.6_s390x.deb Original-Maintainer: Debian PhotoTools Maintainers