openexr (2.2.0-10ubuntu2.1) xenial-security; urgency=medium
* SECURITY UPDATE: Multiple security issues
- debian/patches/CVE-2017-911x.patch: add additional input validation
in IlmImf/ImfDwaCompressor.cpp, IlmImf/ImfHuf.cpp,
IlmImf/ImfPizCompressor.cpp.
- debian/patches/CVE-2017-911x-2.patch: address pointer overflows in
IlmImf/ImfScanLineInputFile.cpp, exrenvmap/readInputImage.cpp,
exrmakepreview/makePreview.cpp.
- debian/patches/CVE-2017-911x-3.patch: merge common fixes and move
bounds check to central location in IlmImf/ImfFrameBuffer.h,
IlmImf/ImfHeader.cpp, exrenvmap/readInputImage.cpp,
exrmakepreview/makePreview.cpp, exrmaketiled/Image.h,
exrmultiview/Image.h.
- debian/patches/CVE-2017-911x-4.patch: refactor origin function to a
Slice factory and Rgba custom utility in IlmImf/ImfFrameBuffer.cpp,
IlmImf/ImfFrameBuffer.h, IlmImf/ImfRgbaFile.h,
exrenvmap/readInputImage.cpp, exrmakepreview/makePreview.cpp,
exrmaketiled/Image.h, exrmultiview/Image.h.
- CVE-2017-9110
- CVE-2017-9111
- CVE-2017-9112
- CVE-2017-9113
- CVE-2017-9115
- CVE-2017-9116
- CVE-2017-12596
- CVE-2018-18444
Date: 2019-10-03 15:40:16.084657+00:00
Changed-By: Marc Deslauriers <marc.deslauri...@canonical.com>
https://launchpad.net/ubuntu/+source/openexr/2.2.0-10ubuntu2.1
Sorry, changesfile not available.
--
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes