Your message dated Wed, 19 May 2021 18:33:34 +0000
with message-id <e1ljr0g-000amc...@fasolo.debian.org>
and subject line Bug#988240: fixed in openexr 2.5.4-2
has caused the Debian Bug report #988240,
regarding openexr: CVE-2021-23169
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
988240: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988240
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: openexr
Version: 2.5.4-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for openexr.

CVE-2021-23169[0]:
| Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-23169
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23169
[1] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28051
[2] https://github.com/AcademySoftwareFoundation/openexr/commit/ae6d203892cc9311917a7f4f05354ef792b3e58e

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: openexr
Source-Version: 2.5.4-2
Done: Matteo F. Vescovi <m...@debian.org>

We believe that the bug you reported is fixed in the latest version of
openexr, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 988...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matteo F. Vescovi <m...@debian.org> (supplier of updated openexr package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 18 May 2021 23:26:12 +0200
Source: openexr
Architecture: source
Version: 2.5.4-2
Distribution: unstable
Urgency: high
Maintainer: Debian PhotoTools Maintainers <pkg-phototools-de...@lists.alioth.debian.org>
Changed-By: Matteo F. Vescovi <m...@debian.org>
Closes: 988240
Changes:
 openexr (2.5.4-2) unstable; urgency=high
 .
   * debian/patches/: patchset updated
     - CVE-2021-23169.diff added (Closes: #988240)
     | This patch aims to fix CVE-2021-23169:
     |   Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer
     | The patch applied is a reduced version of the upstream
     | commit, given the code base has changed in the meanwhile.

-----BEGIN PGP SIGNATURE-----
Comment: Debian powered!
-----END PGP SIGNATURE-----

--- End Message ---
