Register | Log in

openexr

command-line tools for the OpenEXR image format

Choose email to subscribe with

general

source: openexr (main)
version: 2.2.1-4
maintainer: Debian PhotoTools Maintainers (archive) [DMD]
uploaders: Matteo F. Vescovi [DMD] – Mathieu Malaterre [DMD]
arch: all any
std-ver: 4.1.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.6.1-6
o-o-sec: 1.6.1-6+deb7u1
oldstable: 1.6.1-8
stable: 2.2.0-11
testing: 2.2.1-4
unstable: 2.2.1-4

versioned links

1.6.1-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.6.1-6+deb7u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.6.1-8: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.2.0-11: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.2.1-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libopenexr-dev
libopenexr23
openexr
openexr-doc

action needed

5 security issues in sid high

There are 5 open security issues in sid.

5 important issues:

CVE-2017-9113: In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.
CVE-2017-14988: Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp.
CVE-2017-9114: In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.
CVE-2017-9115: In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.
CVE-2017-9111: In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.

Please fix them.

Created: 2017-05-22 Last update: 2018-07-23 08:17

5 security issues in buster high

There are 5 open security issues in buster.

5 important issues:

CVE-2017-9113: In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.
CVE-2017-14988: Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp.
CVE-2017-9114: In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.
CVE-2017-9115: In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.
CVE-2017-9111: In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.

Please fix them.

Created: 2017-06-18 Last update: 2018-07-23 08:17

lintian reports 6 warnings high

Lintian reports 6 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2014-07-03 Last update: 2018-06-20 08:01

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2018-07-31 Last update: 2018-09-24 00:34

9 ignored security issues in stretch low

There are 9 open security issues in stretch.

9 issues skipped by the security teams:

CVE-2017-9110: In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.
CVE-2017-12596: In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact.
CVE-2017-9111: In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.
CVE-2017-9112: In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash.
CVE-2017-9113: In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.
CVE-2017-9115: In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.
CVE-2017-9114: In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.
CVE-2017-14988: Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp.
CVE-2017-9116: In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash.

Please fix them.

Created: 2017-05-22 Last update: 2018-07-23 08:17

9 ignored security issues in jessie low

There are 9 open security issues in jessie.

9 issues skipped by the security teams:

CVE-2017-9110: In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.
CVE-2017-12596: In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact.
CVE-2017-9111: In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.
CVE-2017-9112: In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash.
CVE-2017-9113: In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.
CVE-2017-9115: In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.
CVE-2017-9114: In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.
CVE-2017-14988: Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp.
CVE-2017-9116: In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash.

Please fix them.

Created: 2017-05-22 Last update: 2018-07-23 08:17

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2018-01-08 Last update: 2018-01-08 13:50

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.2.1 instead of 4.1.3).

Created: 2018-04-16 Last update: 2018-08-26 08:17

news

[2018-03-16] openexr 2.2.1-4 MIGRATED to testing (Debian testing watch)
[2018-03-11] Accepted openexr 2.2.1-4 (source) into unstable (Matteo F. Vescovi)
[2018-03-10] Accepted openexr 2.2.1-3 (source) into experimental (Matteo F. Vescovi)
[2018-03-08] Accepted openexr 2.2.1-2 (source amd64 all) into experimental, experimental (Matteo F. Vescovi)
[2018-01-10] Accepted openexr 2.2.1-1 (source amd64 all) into experimental (Matteo F. Vescovi) (signed by: Mathieu Malaterre)
[2017-09-03] openexr 2.2.0-11.1 MIGRATED to testing (Debian testing watch)
[2017-08-31] Accepted openexr 2.2.0-11.1 (source) into unstable (Markus Koschany)
[2017-08-31] Accepted openexr 1.6.1-6+deb7u1 (source amd64) into oldoldstable (Markus Koschany)
[2016-07-24] openexr 2.2.0-11 MIGRATED to testing (Debian testing watch)
[2016-07-19] Accepted openexr 2.2.0-11 (source) into unstable (Mathieu Malaterre)
[2016-03-04] openexr 2.2.0-10 MIGRATED to testing (Debian testing watch)
[2016-02-27] Accepted openexr 2.2.0-10 (source) into unstable (Matteo F. Vescovi)
[2016-02-07] openexr 2.2.0-9 MIGRATED to testing (Debian testing watch)
[2016-02-01] Accepted openexr 2.2.0-9 (source) into unstable (Matteo F. Vescovi)
[2016-01-18] Accepted openexr 2.2.0-8 (source) into experimental (Mathieu Malaterre) (signed by: Mattia Rizzolo)
[2015-10-19] Accepted openexr 2.2.0-7 (source all) into experimental (Mathieu Malaterre)
[2015-10-16] Accepted openexr 2.2.0-6 (source all) into experimental (Mathieu Malaterre)
[2015-10-06] Accepted openexr 2.2.0-5 (source) into experimental (Mathieu Malaterre) (signed by: Matteo F. Vescovi)
[2015-09-25] Accepted openexr 2.2.0-4 (source) into experimental (Matteo F. Vescovi)
[2015-09-13] Accepted openexr 2.2.0-3 (source amd64 all) into experimental (Mathieu Malaterre)
[2015-09-07] openexr 1.6.1-8.1 MIGRATED to testing (Britney)
[2015-08-23] Accepted openexr 2.2.0-2 (source all) into experimental (Mathieu Malaterre)
[2015-08-11] Accepted openexr 1.6.1-8.1 (source amd64) into unstable, unstable (Matthias Klose)
[2015-07-15] Accepted openexr 2.2.0-1 (source amd64 all) into experimental, experimental (Mathieu Malaterre) (signed by: Matteo F. Vescovi)
[2015-05-09] Accepted openexr 1.6.1-10 (source amd64 all) into experimental (Mathieu Malaterre)
[2015-04-02] Accepted openexr 1.6.1-9 (source amd64 all) into experimental, experimental (Mathieu Malaterre)
[2014-09-07] openexr 1.6.1-8 MIGRATED to testing (Britney)
[2014-08-31] Accepted openexr 1.6.1-8 (source i386) into unstable (Andreas Metzler)
[2013-05-05] openexr 1.6.1-7 MIGRATED to testing (Debian testing watch)
[2012-12-08] Accepted openexr 1.6.1-7 (source i386) (Andreas Metzler)

1
2

bugs [bug history graph]

all: 3
RC: 0
I&N: 1
M&W: 2
F&P: 0
patch: 0

links

homepage
lintian (0, 6)
buildd: logs, checks, clang, reproducibility
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.2.1-4build1

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing