Format: 1.8
Date: Thu, 01 Apr 2021 08:47:09 -0400
Source: openexr
Binary: libopenexr-dev libopenexr24 openexr
Architecture: i386
Version: 2.3.0-6ubuntu0.5
Distribution: focal
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 libopenexr-dev - development files for the OpenEXR image library
 libopenexr24 - runtime files for the OpenEXR image library
 openexr - command-line tools for the OpenEXR image format
Changes:
 openexr (2.3.0-6ubuntu0.5) focal-security; urgency=medium
 .
   * SECURITY UPDATE: shift overflow in FastHufDecoder
     - debian/patches/CVE-2021-3474.patch: compute Huf codelengths using 64 bit to prevent shift overflow in IlmImf/ImfFastHuf.cpp.
     - CVE-2021-3474
   * SECURITY UPDATE: integer overflow in calculateNumTiles
     - debian/patches/CVE-2021-3475.patch: compute level size with 64 bits to avoid overflow in IlmImf/ImfTiledMisc.cpp.
     - CVE-2021-3475
   * SECURITY UPDATE: shift overflows
     - debian/patches/CVE-2021-3476.patch: ignore unused bits in B44 mode detection in IlmImf/ImfB44Compressor.cpp.
     - CVE-2021-3476
   * SECURITY UPDATE: out-of-bounds read via deep tile sample size
     - debian/patches/CVE-2021-3477.patch: fix overflow computing deeptile sample table size in IlmImf/ImfDeepTiledInputFile.cpp.
     - CVE-2021-3477
   * SECURITY UPDATE: memory consumption via input file
     - debian/patches/CVE-2021-3478-pre1.patch: reduce size limit for scanline files; prevent large chunkoffset allocations in IlmImf/ImfCompressor.cpp, IlmImf/ImfCompressor.h, IlmImf/ImfMisc.cpp, IlmImf/ImfMultiPartInputFile.cpp, IlmImf/ImfScanLineInputFile.cpp.
     - debian/patches/CVE-2021-3478.patch: sanity check ScanlineInput bytesPerLine instead of lineOffset size in IlmImf/ImfScanLineInputFile.cpp.
     - CVE-2021-3478
   * SECURITY UPDATE: memory consumption in scanline API
     - debian/patches/CVE-2021-3479-pre1.patch: address issues reported by Undefined Behavior Sanitizer in IlmImf/ImfInputFile.cpp.
     - debian/patches/CVE-2021-3479.patch: more efficient handling of filled channels reading tiles with scanline API in IlmImf/ImfInputFile.cpp, IlmImfTest/testScanLineApi.cpp.
     - CVE-2021-3479
Original-Maintainer: Debian PhotoTools Maintainers