Your message dated Thu, 31 Aug 2017 22:52:01 +0000 with message-id <e1dnyjd-000gkg...@fasolo.debian.org> and subject line Bug#864078: fixed in openexr 2.2.0-11.1 has caused the Debian Bug report #864078, regarding CVE-2017-9110 CVE-2017-9111 CVE-2017-9112 CVE-2017-9113 CVE-2017-9114 CVE-2017-9115 CVE-2017-9116 CVE-2017-9117 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 864078: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864078 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: openexr Severity: grave Tags: security Please see http://www.openwall.com/lists/oss-security/2017/05/12/5 These were reported upstream at https://github.com/openexr/openexr/issues/232 Upstream fixes are linked in the github bug. Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: openexr Source-Version: 2.2.0-11.1 We believe that the bug you reported is fixed in the latest version of openexr, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 864...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Markus Koschany <a...@debian.org> (supplier of updated openexr package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 31 Aug 2017 23:52:03 +0200 Source: openexr Binary: openexr openexr-doc libopenexr-dev libopenexr22 Architecture: source Version: 2.2.0-11.1 Distribution: unstable Urgency: high Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Markus Koschany <a...@debian.org> Description: libopenexr-dev - development files for the OpenEXR image library libopenexr22 - runtime files for the OpenEXR image library openexr - command-line tools for the OpenEXR image format openexr-doc - documentation and examples for the OpenEXR image format Closes: 864078 Changes: openexr (2.2.0-11.1) unstable; urgency=high . * Non-maintainer upload. * Fix CVE-2017-9110, CVE-2017-9112 and CVE-2017-9116. Brandon Perry discovered that openexr was affected by an integer overflow vulnerability and missing boundary checks that would allow a remote attacker to cause a denial of service (application crash) via specially crafted image files. (Closes: #864078) Checksums-Sha1: 593be276da8186200a66d17fbf48a09a2719a175 2439 openexr_2.2.0-11.1.dsc 221bfdeb51296f243601a3273e3c413bf38f3b0f 17344 openexr_2.2.0-11.1.debian.tar.xz e48088e2be4d28facdecfc754acad8240d71a452 7006 openexr_2.2.0-11.1_amd64.buildinfo Checksums-Sha256: 8d987878d616cf3c089042b2becedeb06b5d599936194ab92e5a5b44d663bf0f 2439 openexr_2.2.0-11.1.dsc d0499a25e6307dea5f985cb11a00045b7f22b71f4b86bca00b133be4acfa8a4e 17344 openexr_2.2.0-11.1.debian.tar.xz 9872fe715f8b473b6c030330b7d85dc3327e79d041f0fa3faf41cbf5474dc460 7006 openexr_2.2.0-11.1_amd64.buildinfo Files: 5523c1dfe6e72693501b9416012fda92 2439 graphics optional openexr_2.2.0-11.1.dsc 4ffdb4a4d1c0f997147e7748bc2ab35c 17344 graphics optional openexr_2.2.0-11.1.debian.tar.xz 8a3c634ed6ed896658061562de8cad48 7006 graphics optional openexr_2.2.0-11.1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlmojNJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkD6kP/RE59KHJw8mXUHXSsEtMKVctE2vcUfKbdo5I dl1DUzUiLGV3uAR75c0/1kAYYr8xeUbFmB4kadpbTVvl6dWJk3bgN04LkB/Jp8rr r0GyzgHM3w78XXIzBnUy8fEhMVUJ7jCkJQ1s5GRNnUXpkK26Rm9KOTt4RCZGoXjg hvlWir/pE+OMhOWYssa2QQSqValeYVF5eDmtRn5MBjZWKLOgKYik/nQ3a67l91Kh suawzYkfQM5Ny3oXb53gD0C9bm0iwpHg0/xJ2tY35WPpAWQ0rVCzwKZ332RUNlyK a08xMxO+g0S2q8OqruVihwjsGwOUO13o4XQrR+n5nW3asHj+L68r3z3WM4nl33KZ fWgdge9jldZ5P/lUHSFqRLBcr+aRdeUvhao9sxymn4gzfgjZicpp3beyTtf8/0jx 9kAUvslaLpfUeWrPmINY4iEFYL7UKMZs67KFrsD75oYASiosbpPJPfvh98c3Eb9K QsBPWRUgGfWbzMDKBtvbSpmgkkOFMcG+GYF0AUoSUOzEcgcad4rbaWy9dKde9VPk vlkNq/959iDBOJgi5jHhf5oSfTOzLZ8Dcax8Fnq6I0O+doGRKsspGaFTJLUREsVh Rpu55yZMxGCm1rQW9+Mb/hFWwTqGjDshfSyRZHSTfGdHSzWx3FKuclMPXMGkaUXZ XG8nRFe2 =3DLb -----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________ Pkg-phototools-devel mailing list Pkg-phototools-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
