Sync openexr 1.6.1-4.1 (main) from Debian testing (main)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openexr (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
affects ubuntu/openexr
status confirmed
importance wishlist
subscribe ubuntu-archive
done
Please sync openexr 1.6.1-4.1 (main) from Debian testing (main)
Explanation of the Ubuntu delta and why it can be dropped:
Security patches were merged in unstable and the hppa testsuite workaround is
not needed anymore since we don't support hppa in lucid anyway and it's only
for older hppa kernels on buildds -- not truly a source problem.
Changelog entries since current lucid version 1.6.1-4ubuntu3:
openexr (1.6.1-4.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fixed CVE-2009-1720: Integer overflows in Imf::PreviewIma
and integer overflows in compressor constructors
* Fixed CVE-2009-1721: uninitialized pointers in Imf::hufUncompress
* Patch stolen from stable-security, thanks to Cyril Brulebois
(Closes: #550424)
-- Giuseppe Iuculano <email address hidden> Wed, 21 Oct 2009 23:54:35 +0200
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAks
IKkAnjvhnFqpayO
=CtUS
-----END PGP SIGNATURE-----
--
Loïc Minier
[Updating] openexr (1.6.1-4ubuntu3 [Ubuntu] < 1.6.1-4.1 [Debian]) 1.6.1-4. 1.dsc: downloading from http:// ftp.debian. org/debian/> 1.6.1.orig. tar.gz: already in distro - downloading from librarian> 1.6.1-4. 1.diff. gz: downloading from http:// ftp.debian. org/debian/> 1.6.1-4ubuntu3 [universe]. dev_1.6. 1-4ubuntu3 [main]. 1.6.1-4ubuntu3 [main].
* Trying to add openexr...
- <openexr_
- <openexr_
- <openexr_
I: openexr [main] -> openexr_
I: openexr [main] -> libopenexr-
I: openexr [main] -> libopenexr6_