Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package openexr

This new revision aims to fix CVE-2021-23169, the
heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer.

[ Reason ]
Framebuffer didn't handle images with nonzero dataWindow.min.x!=0 and
xSampling!=1. Also, in exrcheck's stream object, calling seekg()
with a bad value would still seek to a bad position, even though it
threw an exception, so a future read would segfault.

[ Impact ]
The fix should handle xsampling and bad seekg() calls in exrcheck,
which in the previous Debian revision weren't managed yet.

[ Tests ]
Tests were made upstream, back in December 2020.

[ Risks ]
Very low risk for regressions.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock openexr/2.5.4-2

-- 
Matteo F. Vescovi || Debian Developer
GnuPG KeyID: 4096R/0x8062398983B2CF7A

diff -Nru openexr-2.5.4/debian/changelog openexr-2.5.4/debian/changelog
--- openexr-2.5.4/debian/changelog	2021-01-21 23:24:00.000000000 +0100
+++ openexr-2.5.4/debian/changelog	2021-05-18 23:26:12.000000000 +0200
@@ -1,3 +1,14 @@
+openexr (2.5.4-2) unstable; urgency=high
+
+  * debian/patches/: patchset updated
+    - CVE-2021-23169.diff added (Closes: #988240)
+    | This patch aims to fix CVE-2021-23169:
+    |   Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer
+    | The patch applied is a reduced version of the upstream
+    | commit, given the code base has changed in the meanwhile.
+
+ -- Matteo F. Vescovi <m...@debian.org>  Tue, 18 May 2021 23:26:12 +0200
+
 openexr (2.5.4-1) unstable; urgency=medium
 
   * New upstream release
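Review bot: The new 2.5.4-2 entry calls the patch "a reduced version of the upstream commit" but does not say which parts of that commit were kept and which were dropped. Since the entry is uploaded with urgency=high and closes #988240, it should name the file or function the reduced patch still changes, so a reader of the changelog alone can tell how much of the upstream fix this revision carries.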
diff -Nru openexr-2.5.4/debian/patches/CVE-2021-23169.diff openexr-2.5.4/debian/patches/CVE-2021-23169.diff
--- openexr-2.5.4/debian/patches/CVE-2021-23169.diff	1970-01-01 01:00:00.000000000 +0100
+++ openexr-2.5.4/debian/patches/CVE-2021-23169.diff	2021-05-18 23:21:27.000000000 +0200
@@ -0,0 +1,19 @@
+Author: peterhillman <pet...@wetafx.co.nz>
+Date:   Thu Dec 3 10:53:32 2020 +1300
+Subject: Handle xsampling and bad seekg() calls in exrcheck
+Origin: https://github.com/AcademySoftwareFoundation/openexr/pull/872
+Bug-Debian: https://bugs.debian.org/988240
+
+diff --git a/OpenEXR/IlmImf/ImfDeepTiledInputFile.cpp b/OpenEXR/IlmImf/ImfDeepTiledInputFile.cpp
+index f5abe9c6..94452905 100644
+--- a/OpenEXR/IlmImf/ImfDeepTiledInputFile.cpp
++++ b/OpenEXR/IlmImf/ImfDeepTiledInputFile.cpp
+@@ -960,7 +960,7 @@ DeepTiledInputFile::compatibilityInitialize(OPENEXR_IMF_INTERNAL_NAMESPACE::IStr
+ void
+ DeepTiledInputFile::multiPartInitialize(InputPartData* part)
+ {
+-    if (isTiled(part->header.type()) == false)
++    if (part->header.type() != DEEPTILE)
+         THROW (IEX_NAMESPACE::ArgExc, "Can't build a DeepTiledInputFile from a part of type " << part->header.type());
+
+     _data->_streamData = part->mutex;
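Review bot: The patch header's Subject, "Handle xsampling and bad seekg() calls in exrcheck", does not match the single hunk it carries, which only replaces `isTiled(part->header.type()) == false` with `part->header.type() != DEEPTILE` in DeepTiledInputFile::multiPartInitialize. Nothing in the visible lines touches xSampling handling, seekg(), exrcheck or copyIntoFrameBuffer, the function named in the CVE description. Please add a short note to the header stating which upstream changes were omitted and why they do not apply to 2.5.4, and how the stricter DEEPTILE type check relates to the heap-buffer-overflow, so the release team can judge whether the reduced patch fully addresses CVE-2021-23169.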
diff -Nru openexr-2.5.4/debian/patches/series openexr-2.5.4/debian/patches/series
--- openexr-2.5.4/debian/patches/series	2020-05-10 23:13:25.000000000 +0200
+++ openexr-2.5.4/debian/patches/series	2021-05-18 23:03:57.000000000 +0200
@@ -11,3 +11,4 @@
 #CVE-2017-911x.patch
 am_foreign_set_global.diff
 bug909865.patch
+CVE-2021-23169.diff
