Format: 1.8
Date: Sun, 9 Apr 2023 23:18:25 CEST
Source: openimageio
Architecture: source
Version: 2.2.10.1+dfsg-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
 1d8f1c911342303e0d6f1a2af5a568e530a6283e 3033 openimageio_2.2.10.1+dfsg-1+deb11u1.dsc
 ec0b02992da63235b18b858bd4e3e0b868e8aca0 26335196 openimageio_2.2.10.1+dfsg.orig.tar.xz
 f92f3d8d0da4a0cb2939936e03464d8d64f3d67c 37832 openimageio_2.2.10.1+dfsg-1+deb11u1.debian.tar.xz
 9e00f2177438041a4ae67a3f02c17873de0d41bf 25942 openimageio_2.2.10.1+dfsg-1+deb11u1_amd64.buildinfo
Checksums-Sha256:
 4e5454ab4e3192f5b8ca5917f98f7017e8a5f6fcdde373cdae8d8327f2bf0e70 3033 openimageio_2.2.10.1+dfsg-1+deb11u1.dsc
 bf8f109db3f4ab29c26905d9309cb76af074f7e9df1ea2346145115d2c04fe50 26335196 openimageio_2.2.10.1+dfsg.orig.tar.xz
 7fefa99168c462a5eb34e1e1ad8b222ad2b5cadf7eb9b03a5070100f3f9cd142 37832 openimageio_2.2.10.1+dfsg-1+deb11u1.debian.tar.xz
 98ae626e4ec3a19af77b7fbbc16e0cfe6bb50e4ff1849f7c5a14e034b5ea64f0 25942 openimageio_2.2.10.1+dfsg-1+deb11u1_amd64.buildinfo
Changes:
 openimageio (2.2.10.1+dfsg-1+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2022-36354, CVE-2022-41639, CVE-2022-41977, CVE-2022-41988,
     CVE-2022-41838, CVE-2022-41999, CVE-2022-41981, CVE-2022-43592,
     CVE-2022-43593, CVE-2022-43594, CVE-2022-43595, CVE-2022-43596,
     CVE-2022-43597, CVE-2022-43598, CVE-2022-43599, CVE-2022-43600,
     CVE-2022-43601, CVE-2022-43602, CVE-2022-41649, CVE-2022-41684,
     CVE-2022-41794, CVE-2022-41837 and CVE-2022-43603.
     Multiple security vulnerabilities have been discovered in OpenImageIO, a
     library for reading and writing images.
     Buffer overflows and out-of-bounds read and write programming errors may
     lead to a denial of service (application crash) or the execution of
     arbitrary code if a malformed image file is processed.
Files:
 cd1946a89685bdbab1877e4a234e0c8d 3033 libs optional openimageio_2.2.10.1+dfsg-1+deb11u1.dsc
 2860d722dd1577ddbd8c3f879301c1c0 26335196 libs optional openimageio_2.2.10.1+dfsg.orig.tar.xz
 f2dd8f5a662f4e635d75ce4d0b26f54d 37832 libs optional openimageio_2.2.10.1+dfsg-1+deb11u1.debian.tar.xz
 3558d2cc07eadd471bae0bc11f951f3e 25942 libs optional openimageio_2.2.10.1+dfsg-1+deb11u1_amd64.buildinfo