-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 09 Aug 2024 13:47:44 +0200
Source: openimageio
Architecture: source
Version: 2.5.14.0+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>
Changed-By: Matteo F. Vescovi <mfv@debian.org>
Closes: 1076772
Changes:
 openimageio (2.5.14.0+dfsg-1) unstable; urgency=medium
 .
   * New upstream release (Closes: #1076772)
     Since v2.5.13.1, it fixes CVE-2024-40630:
     | OpenImageIO is a toolset for reading, writing, and manipulating
     | image files of any image file format relevant to VFX / animation via
     | a format-agnostic API with a feature set, scalability, and
     | robustness needed for feature film production. In affected versions
     | there is a bug in the heif input functionality of OpenImageIO.
     | Specifically, in `HeifInput::seek_subimage()`. In the worst case,
     | this can lead to an information disclosure vulnerability,
     | particularly for programs that directly use the `ImageInput` APIs.
     | This bug has been addressed in commit `0a2dcb4c` which is included
     | in the 2.5.13.1 release. Users are advised to upgrade. There are no
     | known workarounds for this issue.