Your message dated Wed, 21 Oct 2009 23:02:07 +0000
with message-id <e1n0kbz-00052h...@ries.debian.org>
and subject line Bug#550424: fixed in openexr 1.6.1-4.1
has caused the Debian Bug report #550424,
regarding openexr6: CVE-2009-1720,1721,1722 potential vectors for arbitrary code execution
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
550424: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550424
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: openexr6
Version: 1.6.1
Severity: serious
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for openexr6.

CVE-2009-1720[0]:
| Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow
| context-dependent attackers to cause a denial of service (application
| crash) or possibly execute arbitrary code via unspecified vectors that
| trigger heap-based buffer overflows, related to (1) the
| Imf::PreviewImage::PreviewImage function and (2) compressor
| constructors.  NOTE: some of these details are obtained from third
| party information.

CVE-2009-1721[1]:
| The decompression implementation in the Imf::hufUncompress function in
| OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a
| denial of service (application crash) or possibly execute arbitrary
| code via vectors that trigger a free of an uninitialized pointer.

CVE-2009-1722[2]:
| Heap-based buffer overflow in the compression implementation in
| OpenEXR 1.2.2 allows context-dependent attackers to cause a denial of
| service (application crash) or possibly execute arbitrary code via
| unspecified vectors.

These issues are already fixed in the stable releases.  If you fix the
vulnerabilities please also make sure to include the CVE ids in your
changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1720
    http://security-tracker.debian.net/tracker/CVE-2009-1720
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1721
    http://security-tracker.debian.net/tracker/CVE-2009-1721
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1722
    http://security-tracker.debian.net/tracker/CVE-2009-1722



--- End Message ---
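The integer-overflow class named in CVE-2009-1720 (dimension arithmetic in a preview-image constructor wrapping to a small allocation that is then overrun) is easiest to see in code. The following is an added, constructed illustration written for this page, not OpenEXR's own code: the structure (a width x height grid of 4-byte pixels), the `MAX_DIM` bound and all function names are assumptions chosen to show the unchecked form beside a checked one.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example, not OpenEXR code. A preview image is modelled as a
 * width x height grid of 4-byte RGBA pixels whose dimensions arrive from an
 * untrusted file header. */

#define PIXEL_BYTES 4u
#define MAX_DIM 16384u   /* assumed sanity bound; a real parser picks its own */

/* Constructed 2x2 payload (16 bytes of pixel data) used by main and tests. */
static const uint8_t SAMPLE_2X2[2 * 2 * PIXEL_BYTES] = {0};

/* Unchecked: the 32-bit product wraps for large dimensions, producing a
 * small (here zero) allocation that a later pixel copy would overrun. */
uint32_t preview_bytes_unchecked(uint32_t width, uint32_t height)
{
    return width * height * PIXEL_BYTES;
}

/* Checked: returns 1 and stores the byte count, or 0 if a dimension is zero
 * or above the bound, or if the product would overflow size_t. */
int preview_bytes_checked(uint32_t width, uint32_t height, size_t *out)
{
    if (width == 0 || height == 0 || width > MAX_DIM || height > MAX_DIM)
        return 0;
    size_t pixels, bytes;
    if (__builtin_mul_overflow((size_t)width, (size_t)height, &pixels))
        return 0;
    if (__builtin_mul_overflow(pixels, (size_t)PIXEL_BYTES, &bytes))
        return 0;
    *out = bytes;
    return 1;
}

/* Convenience wrapper: byte count on success, 0 on any rejection. */
size_t preview_bytes_or_zero(uint32_t width, uint32_t height)
{
    size_t bytes = 0;
    return preview_bytes_checked(width, height, &bytes) ? bytes : 0;
}

/* Allocate and fill a preview from header dimensions plus the pixel payload
 * that follows them. Returns NULL instead of trusting the dimensions when the
 * size check fails or the payload is shorter than the size they imply. */
uint8_t *load_preview(uint32_t width, uint32_t height,
                      const uint8_t *payload, size_t payload_len)
{
    size_t bytes;
    if (!preview_bytes_checked(width, height, &bytes))
        return NULL;
    if (payload_len < bytes)
        return NULL;
    uint8_t *pixels = malloc(bytes);
    if (!pixels)
        return NULL;
    memcpy(pixels, payload, bytes);
    return pixels;
}

/* Returns 1 if the preview loads successfully (and frees it), else 0. */
int preview_loads(uint32_t width, uint32_t height,
                  const uint8_t *payload, size_t payload_len)
{
    uint8_t *p = load_preview(width, height, payload, payload_len);
    if (!p)
        return 0;
    free(p);
    return 1;
}

int main(void)
{
    /* 32768 * 32768 * 4 == 2^32, which wraps to 0 in 32-bit arithmetic. */
    printf("unchecked 32768x32768 -> %u bytes\n",
           preview_bytes_unchecked(32768u, 32768u));
    printf("checked 32768x32768 -> %zu bytes (0 = rejected)\n",
           preview_bytes_or_zero(32768u, 32768u));
    printf("2x2 load: %s\n",
           preview_loads(2u, 2u, SAMPLE_2X2, sizeof SAMPLE_2X2) ? "ok" : "rejected");
    printf("3x3 load from 16-byte payload: %s\n",
           preview_loads(3u, 3u, SAMPLE_2X2, sizeof SAMPLE_2X2) ? "ok" : "rejected");
    return 0;
}
```

The two defences are independent: the dimension bound rejects absurd headers before any arithmetic, and the overflow-checked multiplication (`__builtin_mul_overflow`, available in GCC and Clang) guards the product itself, so the allocation can never be smaller than the copy that follows it. Checking the payload length against the computed size is what turns a malformed file into a clean parse failure rather than a heap write past the buffer.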
--- Begin Message ---
Source: openexr
Source-Version: 1.6.1-4.1

We believe that the bug you reported is fixed in the latest version of
openexr, which is due to be installed in the Debian FTP archive:

libopenexr-dev_1.6.1-4.1_i386.deb
  to pool/main/o/openexr/libopenexr-dev_1.6.1-4.1_i386.deb
libopenexr6_1.6.1-4.1_i386.deb
  to pool/main/o/openexr/libopenexr6_1.6.1-4.1_i386.deb
openexr_1.6.1-4.1.diff.gz
  to pool/main/o/openexr/openexr_1.6.1-4.1.diff.gz
openexr_1.6.1-4.1.dsc
  to pool/main/o/openexr/openexr_1.6.1-4.1.dsc
openexr_1.6.1-4.1_i386.deb
  to pool/main/o/openexr/openexr_1.6.1-4.1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 550...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Giuseppe Iuculano <iucul...@debian.org> (supplier of updated openexr package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 21 Oct 2009 23:54:35 +0200
Source: openexr
Binary: openexr libopenexr-dev libopenexr6
Architecture: source i386
Version: 1.6.1-4.1
Distribution: unstable
Urgency: high
Maintainer: Debian PhotoTools Maintainers <pkg-phototools-de...@lists.alioth.debian.org>
Changed-By: Giuseppe Iuculano <iucul...@debian.org>
Description: 
 libopenexr-dev - development files for the OpenEXR image library
 libopenexr6 - runtime files for the OpenEXR image library
 openexr    - viewer and docs for the OpenEXR image format
Closes: 550424
Changes: 
 openexr (1.6.1-4.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fixed CVE-2009-1720: Integer overflows in Imf::PreviewImage::PreviewImage
     and integer overflows in compressor constructors
   * Fixed CVE-2009-1721: uninitialized pointers in Imf::hufUncompress
   * Patch stolen from stable-security, thanks to Cyril Brulebois
     (Closes: #550424)
Checksums-Sha1: 
 e5df2392a2255883ce6d2f60ccc6ee2ced4d0344 1304 openexr_1.6.1-4.1.dsc
 9255e74205ce8a4d85f5cfce72a1953d61605e7a 10368 openexr_1.6.1-4.1.diff.gz
 4bc801fb57c3262ef650b524bad5674e7fcd60f8 2770306 openexr_1.6.1-4.1_i386.deb
 dbda79836b53bedfde0203a54b4f9ad4bed11abd 371642 libopenexr-dev_1.6.1-4.1_i386.deb
 80ab278e28018f913603270d26a4ed633e25bc30 261370 libopenexr6_1.6.1-4.1_i386.deb
Checksums-Sha256: 
 0327b712503f9a7bb5ef06cf58651c5507371542a6ab2c959ca442b7cc5a24e0 1304 openexr_1.6.1-4.1.dsc
 73199158979fc92193cae4e10ea8a75382006b0e3ee0c00a289092081d33a888 10368 openexr_1.6.1-4.1.diff.gz
 d6a35245420cace5cddf2ce863fc8f71907a011e67f28e0210766fb9da76f1dc 2770306 openexr_1.6.1-4.1_i386.deb
 62ea35a43d7ffcf9f959c8205b5ebfedd4983454bc1a4e0fdce6c1f5d19acec0 371642 libopenexr-dev_1.6.1-4.1_i386.deb
 2747cd355546c530740d079d27c61f67afefa598645188b0d1037d0566d625e3 261370 libopenexr6_1.6.1-4.1_i386.deb
Files: 
 86293a8a019da0a30d6c34b15e669204 1304 graphics optional openexr_1.6.1-4.1.dsc
 bd9eb01e3aa95170cf1ca46647d2f65c 10368 graphics optional openexr_1.6.1-4.1.diff.gz
 c67725dd4acb62f4b22886ff77cdb77a 2770306 graphics optional openexr_1.6.1-4.1_i386.deb
 77c899e23ddad0fc1acb849eada3a96a 371642 libdevel optional libopenexr-dev_1.6.1-4.1_i386.deb
 663da343a7696da94992ed51077f57a1 261370 libs optional libopenexr6_1.6.1-4.1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkrfhrQACgkQNxpp46476apVUgCcDdcrKfgLD3QqJK8N4bwT85sD
v+AAoI0Mm4vNkSgZc0B3Niv+NUpaew5Z
=yrcr
-----END PGP SIGNATURE-----



--- End Message ---