This bug was fixed in the package openexr - 2.2.0-11.1ubuntu1
---------------
openexr (2.2.0-11.1ubuntu1) bionic; urgency=medium
* Merge with Debian unstable (LP: #1742243). Remaining changes:
- Add ppc64el to the archs where to ignore test results.
openexr (2.2.0-11.1) unstable; urgency=high
* Non-maintainer upload.
* Fix CVE-2017-9110, CVE-2017-9112 and CVE-2017-9116.
Brandon Perry discovered that openexr was affected by an integer overflow
vulnerability and missing boundary checks that would allow a remote
attacker to cause a denial of service (application crash) via specially
crafted image files. (Closes: #864078)
-- Nishanth Aravamudan <[email protected]> Tue, 09 Jan
2018 10:49:25 -0800
** Changed in: openexr (Ubuntu)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9110
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9112
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9116
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openexr in Ubuntu.
https://bugs.launchpad.net/bugs/1742243
Title:
Please merge with Debian unstable 2.2.0-11.1
Status in openexr package in Ubuntu:
Fix Released
Bug description:
TBD
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openexr/+bug/1742243/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
