openexr (2.2.0-10ubuntu2.6) xenial-security; urgency=medium
* SECURITY UPDATE: shift overflow in FastHufDecoder
- debian/patches/CVE-2021-3474.patch: compute Huf codelengths using 64
bit to prevent shift overflow in IlmImf/ImfFastHuf.cpp.
- CVE-2021-3474
* SECURITY UPDATE: integer overflow in calculateNumTiles
- debian/patches/CVE-2021-3475.patch: compute level size with 64 bits
to avoid overflow in IlmImf/ImfTiledMisc.cpp.
- CVE-2021-3475
* SECURITY UPDATE: shift overflows
- debian/patches/CVE-2021-3476.patch: ignore unused bits in B44 mode
detection in IlmImf/ImfB44Compressor.cpp.
- CVE-2021-3476
* SECURITY UPDATE: out-of-bounds read via deep tile sample size
- debian/patches/CVE-2021-3477.patch: fix overflow computing deeptile
sample table size in IlmImf/ImfDeepTiledInputFile.cpp.
- CVE-2021-3477
* SECURITY UPDATE: memory consumption via input file
- debian/patches/CVE-2021-3478-pre1.patch: reduce size limit for
scanline files; prevent large chunkoffset allocations in
IlmImf/ImfCompressor.cpp, IlmImf/ImfCompressor.h, IlmImf/ImfMisc.cpp,
IlmImf/ImfMultiPartInputFile.cpp, IlmImf/ImfScanLineInputFile.cpp.
- debian/patches/CVE-2021-3478.patch: sanity check ScanlineInput
bytesPerLine instead of lineOffset size in
IlmImf/ImfScanLineInputFile.cpp.
- CVE-2021-3478
* SECURITY UPDATE: memory consumption in scanline API
- debian/patches/CVE-2021-3479-pre1.patch: address issues reported by
Undefined Behavior Sanitizer in IlmImf/ImfInputFile.cpp.
- debian/patches/CVE-2021-3479.patch: more efficient handling of filled
channels reading tiles with scanline API in IlmImf/ImfInputFile.cpp,
IlmImfTest/testScanLineApi.cpp.
- CVE-2021-3479
Date: 2021-04-01 14:33:10.455044+00:00
Changed-By: Marc Deslauriers <marc.deslauri...@canonical.com>
https://launchpad.net/ubuntu/+source/openexr/2.2.0-10ubuntu2.6
Sorry, changesfile not available.
--
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes