Hello community,

here is the log from the commit of package openexr for openSUSE:Factory checked 
in at 2019-07-17 14:23:43
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openexr (Old)
 and      /work/SRC/openSUSE:Factory/.openexr.new.1887 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "openexr"

Wed Jul 17 14:23:43 2019 rev:30 rq:715498 version:2.3.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/openexr/openexr.changes  2019-06-25 
22:20:56.817029185 +0200
+++ /work/SRC/openSUSE:Factory/.openexr.new.1887/openexr.changes        
2019-07-17 14:23:44.448015781 +0200
@@ -1,0 +2,8 @@
+Mon Jul 15 14:06:20 UTC 2019 - [email protected]
+
+- security update
+- added patches
+  CVE-2017-14988 [bsc#1061305]
+  + openexr-CVE-2017-14988.patch
+
+-------------------------------------------------------------------
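
Review bot: The new changelog entry says only "security update" and names the patch file, so a reader has to open the patch to learn what changed. A short phrase after the CVE line would help, for example that the patch rejects a negative size field when reading a header attribute, which is what the added check in ImfHeader.cpp does.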

New:
----
  openexr-CVE-2017-14988.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ openexr.spec ++++++
--- /var/tmp/diff_new_pack.XsDHP4/_old  2019-07-17 14:23:45.436012584 +0200
+++ /var/tmp/diff_new_pack.XsDHP4/_new  2019-07-17 14:23:45.436012584 +0200
@@ -40,6 +40,8 @@
 # https://github.com/openexr/openexr/pull/401
 # CVE-2017-9111 [bsc#1040109], CVE-2017-9113 [bsc#1040113], CVE-2017-9115 
[bsc#1040115]
 Patch1:         openexr-CVE-2017-9111,9113,9115.patch
+# CVE-2017-14988 [bsc#1061305]
+Patch2:         openexr-CVE-2017-14988.patch
 BuildRequires:  automake
 BuildRequires:  fltk-devel
 BuildRequires:  freeglut-devel
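
Review bot: The comment above `Patch2:` gives the CVE and bsc number but no upstream reference, while the Patch1 entry just above it cites the upstream pull request URL. If this fix came from an upstream commit or pull request, add that link here in the same style; if it is a local patch, say so in the comment so the next person doing a version bump knows whether it can be dropped.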
@@ -140,6 +142,7 @@
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 %build
 export PTHREAD_LIBS="-lpthread"


++++++ openexr-CVE-2017-14988.patch ++++++
--- a/IlmImf/ImfHeader.cpp
+++ b/IlmImf/ImfHeader.cpp
@@ -1185,6 +1185,11 @@ Header::readFrom 
(OPENEXR_IMF_INTERNAL_NAMESPACE::IStream &is, int &version)
        checkIsNullTerminated (typeName, "attribute type name");
        OPENEXR_IMF_INTERNAL_NAMESPACE::Xdr::read 
<OPENEXR_IMF_INTERNAL_NAMESPACE::StreamIO> (is, size);
 
+    if( size < 0 )
+    {
+        throw IEX_NAMESPACE::InputExc("Invalid size field in header 
attribute");
+    }
+
        AttributeMap::iterator i = _map.find (name);
 
        if (i != _map.end())
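
Review bot: The added `if( size < 0 )` check rejects only negative values, and nothing visible in this hunk bounds a large positive `size` before it is used further down in `Header::readFrom`. It is worth confirming that the code after this point validates `size` against the data actually remaining in the stream, or extending the check to cover that case. Two smaller points: the new lines are indented four spaces and written as `if( size < 0 )`, while the surrounding context is indented deeper and uses the `if (i != _map.end())` spacing, so the block should be re-indented to match; and the patch file starts directly at the `--- a/IlmImf/ImfHeader.cpp` line with no header describing the issue or its origin.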


