-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 28 Aug 2021 22:20:22 +0200
Source: openexr
Architecture: source
Version: 2.5.7-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>
Changed-By: Matteo F. Vescovi <mfv@debian.org>
Changes:
 openexr (2.5.7-1) unstable; urgency=medium
 .
   * New upstream release
     - debian/control: bump libilmbase-dev version
     - debian/patches/series: drop CVE-2021-23169.diff (applied upstream)
     This release addresses following security issues:
     + CVE-2021-26260 and CVE-2021-23215
       | An integer overflow leading to a heap-buffer overflow
       | was found in the DwaCompressor of OpenEXR in versions
       | before 3.0.1. An attacker could use this flaw to crash
       | an application compiled with OpenEXR.
     + CVE-2021-3605 and CVE-2021-3598
       | There's a flaw in OpenEXR's rleUncompress functionality
       | in versions prior to 3.0.5. An attacker who is able to
       | submit a crafted file to an application linked with
       | OpenEXR could cause an out-of-bounds read.
       | The greatest risk from this flaw is to application
       | availability.
   * debian/watch: change path and narrow down search