Univention Bugzilla – Bug 53634
openexr: Multiple issues (4.4)
Last modified: 2021-08-11 16:48:31 CEST
New Debian openexr 2.2.0-11+deb9u4 fixes: This update addresses the following issues: * Heap buffer overflow in the rleUncompress function (CVE-2021-3605) * Null-dereference READ in Imf_2_5::Header::operator (CVE-2021-20299) * Integer-overflow in Imf_2_5::hufUncompress (CVE-2021-20300) * Floating-point-exception in Imf_2_5::precalculateTileInfot (CVE-2021-20302) * Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer (CVE-2021-20303)
--- mirror/ftp/4.4/unmaintained/component/4.4-8-errata/source/openexr_2.2.0-11+deb9u3.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/openexr_2.2.0-11+deb9u4.dsc @@ -1,3 +1,13 @@ +2.2.0-11+deb9u4 [Fri, 30 Jul 2021 20:59:52 +0200] Sylvain Beucler <beuc@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * CVE-2021-3605: heap buffer overflow in the rleUncompress function. + * CVE-2021-20299: null-dereference READ when reading files with no parts/headers. + * CVE-2021-20300: integer-overflow in Imf_2_5::hufUncompress. + * CVE-2021-20302: floating-point-exception in + Imf_2_5::precalculateTileInfot. + * CVE-2021-20303: heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer. + 2.2.0-11+deb9u3 [Sat, 03 Jul 2021 17:57:41 +0200] Sylvain Beucler <beuc@debian.org>: * Non-maintainer upload by the LTS Security Team. <http://piuparts.knut.univention.de/4.4-8/#3509767328433159143>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-8] 5b83b9c359 Bug #53634: openexr 2.2.0-11+deb9u4 doc/errata/staging/openexr.yaml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) [4.4-8] fe267a7335 Bug #53634: openexr 2.2.0-11+deb9u4 doc/errata/staging/openexr.yaml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1024>