-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 31 Aug 2017 00:37:58 +0200 Source: openexr Binary: openexr libopenexr-dev libopenexr6 Architecture: source amd64 Version: 1.6.1-6+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: libopenexr-dev - development files for the OpenEXR image library libopenexr6 - runtime files for the OpenEXR image library openexr - command-line tools and docs for the OpenEXR image format Closes: 864078 Changes: openexr (1.6.1-6+deb7u1) wheezy-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2017-9110, CVE-2017-9112 and CVE-2017-9116. Brandon Perry discovered that openexr, a high dynamic-range (HDR) image library, was affected by an integer overflow vulnerability and missing boundary checks that would allow a remote attacker to cause a denial of service (application crash) via specially crafted image files. (Closes: #864078) Checksums-Sha1: 5549cf0d170d57f6c41c76da9ea99bace922cd04 2288 openexr_1.6.1-6+deb7u1.dsc b3650e6542f0e09daadb2d467425530bc8eec333 13632660 openexr_1.6.1.orig.tar.gz aadcc71b5bffffef2b0520c77736d6f935ec0475 14423 openexr_1.6.1-6+deb7u1.debian.tar.gz 45df2c818db4e5531c1ba1a864734dddb4a2404f 2773938 openexr_1.6.1-6+deb7u1_amd64.deb 29f3b0ce2ef7a035e0f7fee8f36fa1f45cc94a78 394330 libopenexr-dev_1.6.1-6+deb7u1_amd64.deb cf71ebdce34f891bf91d44f83c757f1da1377a7f 249196 libopenexr6_1.6.1-6+deb7u1_amd64.deb Checksums-Sha256: 5f49c1d9180589acc8d87fce389a7e70cb1c43ddef812a66715861e1249d913a 2288 openexr_1.6.1-6+deb7u1.dsc c616906ab958de9c37bb86ca7547cfedbdfbad5e1ca2a4ab98983c9afa6a5950 13632660 openexr_1.6.1.orig.tar.gz b2ddcb95827e9269acdb89f5d20ca77290d536eee8a764134adff8cb4fdbb9ab 14423 openexr_1.6.1-6+deb7u1.debian.tar.gz af44e96e89155fcff5882ca9433d60c47f6285d76bc0930d65fbe31c9c568ab4 2773938 openexr_1.6.1-6+deb7u1_amd64.deb 3aad289f1df6d6a16e5848cd0ff9ef1da7b9b07b363b13431dc9b059f5ba15d5 394330 libopenexr-dev_1.6.1-6+deb7u1_amd64.deb b956e17e9108a745e04ba1724dff694702476141d0de4fb988cf4bdce4a1bc33 249196 libopenexr6_1.6.1-6+deb7u1_amd64.deb Files: 45e7f52bf75d4245599d8f5b19fdcec0 2288 graphics optional openexr_1.6.1-6+deb7u1.dsc 11951f164f9c872b183df75e66de145a 13632660 graphics optional openexr_1.6.1.orig.tar.gz f87bb81126a86b9c48d00b488506865e 14423 graphics optional openexr_1.6.1-6+deb7u1.debian.tar.gz ef64bdfc7a63bf1e8496abad2f1cbc5a 2773938 graphics optional openexr_1.6.1-6+deb7u1_amd64.deb c554382710fdccd59fe1f41e513d5c2c 394330 libdevel optional libopenexr-dev_1.6.1-6+deb7u1_amd64.deb fb87af1ae44844ad4aa127d5d2d972e3 249196 libs optional libopenexr6_1.6.1-6+deb7u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlmofmtfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk8CwQALyTCC9uVa4q3UVfnvTP/NLzVUHAhkjS3PO0 PT+2cozUo50fvwlyqy/gDuTlEnzPtFWS5EsDozFPqYv6hlJz0h/dMj7fc+ddM4Wu OUNAEChRKw0jqe2uXdoPPpOrbN/VFwK2XbMalHfyMDHDxTDJ158HWAeWlRAVZ6Y+ q09PHkxQiftftLqadXaQzQk/MUS9LeXfcp9pPzXya3HBeu+4PeqHSOP2XYqCH0K1 S4WlQ+kwPmMs5W/xPYaC15PKZ1sn/Lx4yhfhRTiHQM/iJMl1ll3MiLk+6kNy0YhW m2piJ0cgdpfsQUDX/JokxpFe1in9XNX9EcuKG6KaVmQZ69vM6E+ZkPD1r6DcH8HL NolStH/aNdCDA7V+liwgski8fUaLPShWIxDL9Q147VRdmSe70b49ZQautPSZuVmk NrOir1rYHGTwnemX6CLNsBkOvpd6dzTZzyuUWW5dp0aUDWeu1/0DhnEYMGOXoA/s BqSrC2J2dKvGrWyafYo5uOnHyir6IQ4jX7ZJH9frNfTqWCyYkZfdwxZJzac5poCE gcckobmeJ8saHzzselNu9s/hLx9spd1q2/iuW7d1tt2ZLuIi8lcVDXOHxEJMc58x Mlh3c0s7EHbqWPZVoR2xE+/7+SGwvwH9YRLNaH2OoTWIQx0y+C6YqJsKwej8AyKf 4Ypj+chV =Kk+f -----END PGP SIGNATURE-----
