-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 31 Aug 2017 23:52:03 +0200 Source: openexr Binary: openexr openexr-doc libopenexr-dev libopenexr22 Architecture: source Version: 2.2.0-11.1 Distribution: unstable Urgency: high Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: libopenexr-dev - development files for the OpenEXR image library libopenexr22 - runtime files for the OpenEXR image library openexr - command-line tools for the OpenEXR image format openexr-doc - documentation and examples for the OpenEXR image format Closes: 864078 Changes: openexr (2.2.0-11.1) unstable; urgency=high . * Non-maintainer upload. * Fix CVE-2017-9110, CVE-2017-9112 and CVE-2017-9116. Brandon Perry discovered that openexr was affected by an integer overflow vulnerability and missing boundary checks that would allow a remote attacker to cause a denial of service (application crash) via specially crafted image files. (Closes: #864078) Checksums-Sha1: 593be276da8186200a66d17fbf48a09a2719a175 2439 openexr_2.2.0-11.1.dsc 221bfdeb51296f243601a3273e3c413bf38f3b0f 17344 openexr_2.2.0-11.1.debian.tar.xz e48088e2be4d28facdecfc754acad8240d71a452 7006 openexr_2.2.0-11.1_amd64.buildinfo Checksums-Sha256: 8d987878d616cf3c089042b2becedeb06b5d599936194ab92e5a5b44d663bf0f 2439 openexr_2.2.0-11.1.dsc d0499a25e6307dea5f985cb11a00045b7f22b71f4b86bca00b133be4acfa8a4e 17344 openexr_2.2.0-11.1.debian.tar.xz 9872fe715f8b473b6c030330b7d85dc3327e79d041f0fa3faf41cbf5474dc460 7006 openexr_2.2.0-11.1_amd64.buildinfo Files: 5523c1dfe6e72693501b9416012fda92 2439 graphics optional openexr_2.2.0-11.1.dsc 4ffdb4a4d1c0f997147e7748bc2ab35c 17344 graphics optional openexr_2.2.0-11.1.debian.tar.xz 8a3c634ed6ed896658061562de8cad48 7006 graphics optional openexr_2.2.0-11.1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlmojNJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkD6kP/RE59KHJw8mXUHXSsEtMKVctE2vcUfKbdo5I dl1DUzUiLGV3uAR75c0/1kAYYr8xeUbFmB4kadpbTVvl6dWJk3bgN04LkB/Jp8rr r0GyzgHM3w78XXIzBnUy8fEhMVUJ7jCkJQ1s5GRNnUXpkK26Rm9KOTt4RCZGoXjg hvlWir/pE+OMhOWYssa2QQSqValeYVF5eDmtRn5MBjZWKLOgKYik/nQ3a67l91Kh suawzYkfQM5Ny3oXb53gD0C9bm0iwpHg0/xJ2tY35WPpAWQ0rVCzwKZ332RUNlyK a08xMxO+g0S2q8OqruVihwjsGwOUO13o4XQrR+n5nW3asHj+L68r3z3WM4nl33KZ fWgdge9jldZ5P/lUHSFqRLBcr+aRdeUvhao9sxymn4gzfgjZicpp3beyTtf8/0jx 9kAUvslaLpfUeWrPmINY4iEFYL7UKMZs67KFrsD75oYASiosbpPJPfvh98c3Eb9K QsBPWRUgGfWbzMDKBtvbSpmgkkOFMcG+GYF0AUoSUOzEcgcad4rbaWy9dKde9VPk vlkNq/959iDBOJgi5jHhf5oSfTOzLZ8Dcax8Fnq6I0O+doGRKsspGaFTJLUREsVh Rpu55yZMxGCm1rQW9+Mb/hFWwTqGjDshfSyRZHSTfGdHSzWx3FKuclMPXMGkaUXZ XG8nRFe2 =3DLb -----END PGP SIGNATURE-----
