-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 30 Jul 2021 20:59:52 +0200 Source: openexr Binary: openexr openexr-doc libopenexr-dev libopenexr22 Architecture: source Version: 2.2.0-11+deb9u4 Distribution: stretch-security Urgency: high Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Sylvain Beucler <beuc@debian.org> Description: libopenexr-dev - development files for the OpenEXR image library libopenexr22 - runtime files for the OpenEXR image library openexr - command-line tools for the OpenEXR image format openexr-doc - documentation and examples for the OpenEXR image format Changes: openexr (2.2.0-11+deb9u4) stretch-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * CVE-2021-3605: heap buffer overflow in the rleUncompress function. * CVE-2021-20299: null-dereference READ when reading files with no parts/headers. * CVE-2021-20300: integer-overflow in Imf_2_5::hufUncompress. * CVE-2021-20302: floating-point-exception in Imf_2_5::precalculateTileInfot. * CVE-2021-20303: heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer. Checksums-Sha1: b4ddf4fc51c93024980e50d31141d9bd80088bea 2308 openexr_2.2.0-11+deb9u4.dsc 726b64a4a1873a5cdfa04c6b3eb73014533b15b9 36628 openexr_2.2.0-11+deb9u4.debian.tar.xz b0973a135a51d8ccbc38b56def5206fdd1f37c21 6916 openexr_2.2.0-11+deb9u4_amd64.buildinfo Checksums-Sha256: 7130e6cc84de8f3d4f8fb1a32583162df133615654a9b0aa5f6f5c02eab0d1b5 2308 openexr_2.2.0-11+deb9u4.dsc 98e32884bf15a95774d3f752b9c8de3e8ff1998b3473b5bb15490a71729fe58c 36628 openexr_2.2.0-11+deb9u4.debian.tar.xz 7747d2ef35f214ee644ab34c0b7f35be76c45d10556716894bf55cfcfdbea887 6916 openexr_2.2.0-11+deb9u4_amd64.buildinfo Files: e6b9ea8aeee683eaa11b6a92cdf9385d 2308 graphics optional openexr_2.2.0-11+deb9u4.dsc ddda68d5ee97216fcf8e0f5d8c80a6e9 36628 graphics optional openexr_2.2.0-11+deb9u4.debian.tar.xz 35f55ae487bd39f8bf79fb2e4470a789 6916 graphics optional openexr_2.2.0-11+deb9u4_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmEKzzQACgkQDTl9HeUl XjD6fQ/+NJ38h1eqv7aZvpQKNSihy/dj6SnIwBCLR6uxdNhosqaYHhkXgjFBCWv2 10/wKIbEFAUtDcVB3DR4FKUVz9L4lgWuwQyMyOOCb4cbo7XnwqFyXlorr4qtLteM S3kIy483il7ylMDOP5QRK9/do1cTetmFtAQfdW0YLFKP5Fekp2rL80kYHreXuXum FRYBW3XZ27X3+MPgCbYTpd2QWPeZQ4jSAy1tzAKY780D2rBSi8YtarL2JQSq0F7X 6D9AoL1yv3Vo7ZwtS+1kLig6oipdiSgWZGT7nYDRIOLc7Ptmb+9lHXlpWkzUaOyH n60Vq9WMUVFuMIObm0JZk+7iVir/YTJ/McoiOq2Y8D3446YPaU0iHQXDI1UC4SdC L7D0sfPr9RryGcMvKpMVzYC/ruhWD7S2JZ4YRj6RSy2TZI2sH6HiMpeqqukkNi/y 2qsbNvm7IUQZtQ/05OaXaRtyVZf/BgoSDcU7uNloKgU4oqx70joKX/LfUkevbqDb 0v2uHhmlD+ci752Pzu/ReXSTg6lZwTUEfW/hcLUgXrTnnvFy4cpE6kky1pgNq+8g UNccdF0B/G8ww85Ecyf/mmmxkPv8asxzlywQOX0N3uq9qvg+1ReFKc9+VVs7HF6p FcTx643l6YX1Q+JBafFlUlcwepXklShMkDDdB3NM/fk+a7ETvow= =qBmF -----END PGP SIGNATURE-----
