openexr (3.1.5-5) unstable; urgency=medium * Team upload. [ Andreas Metzler ] * Make versioning of libilmbase-dev Breaks/Replaces binNMU-safe. (Closes: #1033617) [ Matteo F. Vescovi ] * debian/control: S-V bump 4.6.1 -> 4.6.2 (no changes needed) -- Matteo F. Vescovi <mfv@debian.org> Sun, 23 Apr 2023 18:46:33 +0200 openexr (3.1.5-4) unstable; urgency=medium * d/control: Add missing zlib1g-dev dependency. Closes: #1017516 * d/control: Run wrap-and-sort * d/control: Bump Std-Vers to 4.6.1 no changes needed -- Mathieu Malaterre <malat@debian.org> Wed, 17 Aug 2022 12:44:50 +0200 openexr (3.1.5-3) unstable; urgency=medium * d/control: Add missing Breaks/Replaces on libilmbase-dev. Closes: #1009308 -- Mathieu Malaterre <malat@debian.org> Wed, 17 Aug 2022 09:32:51 +0200 openexr (3.1.5-2) unstable; urgency=medium * Upload to unstable. -- Mathieu Malaterre <malat@debian.org> Tue, 16 Aug 2022 18:52:29 +0200 openexr (3.1.5-1) experimental; urgency=medium * Team upload. [ Mathieu Malaterre ] * d/rules: Do not always build documentation [ Matteo F. Vescovi ] * New upstream release * debian/control: drop myself from Uploaders -- Matteo F. Vescovi <mfv@debian.org> Thu, 28 Apr 2022 00:02:26 +0200 openexr (3.1.4-1) experimental; urgency=medium * New upstream release -- Matteo F. Vescovi <mfv@debian.org> Fri, 04 Feb 2022 00:00:31 +0100 openexr (3.1.3-2) experimental; urgency=medium * debian/control: move Indep deps to Arch-dependent -- Matteo F. Vescovi <mfv@debian.org> Fri, 03 Dec 2021 21:59:58 +0100 openexr (3.1.3-1) experimental; urgency=medium * New upstream release - debian/: SONAME bump 2 -> 3 - debian/patches/: patchset dropped (obsolete) * debian/control: - S-V bump 4.5.1 -> 4.6.0 (no changes needed) - Homepage field updated * debian/: documentation files re-worked massively * debian/rules: script simplified * debian/upstream/metadata: new file added * debian/copyright: entries updated * debian/libopenexr25.lintian-overrides: file dropped * debian/openexr.maintscript: file dropped * debian/libopenexr-dev.maintscript: file dropped -- Matteo F. Vescovi <mfv@debian.org> Wed, 24 Nov 2021 14:23:19 +0100 openexr (2.5.7-1) unstable; urgency=medium * New upstream release - debian/control: bump libilmbase-dev version - debian/patches/series: drop CVE-2021-23169.diff (applied upstream) This release addresses following security issues: + CVE-2021-26260 and CVE-2021-23215 | An integer overflow leading to a heap-buffer overflow | was found in the DwaCompressor of OpenEXR in versions | before 3.0.1. An attacker could use this flaw to crash | an application compiled with OpenEXR. + CVE-2021-3605 and CVE-2021-3598 | There's a flaw in OpenEXR's rleUncompress functionality | in versions prior to 3.0.5. An attacker who is able to | submit a crafted file to an application linked with | OpenEXR could cause an out-of-bounds read. | The greatest risk from this flaw is to application | availability. * debian/watch: change path and narrow down search -- Matteo F. Vescovi <mfv@debian.org> Sat, 28 Aug 2021 22:20:22 +0200 openexr (2.5.4-2) unstable; urgency=high * debian/patches/: patchset updated - CVE-2021-23169.diff added (Closes: #988240) | This patch aims to fix CVE-2021-23169: | Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer | The patch applied is a reduced version of the upstream | commit, given the code base has changed in the meanwhile. -- Matteo F. Vescovi <mfv@debian.org> Tue, 18 May 2021 23:26:12 +0200 openexr (2.5.4-1) unstable; urgency=medium * New upstream release * debian/watch: parameters updated * debian/control: - S-V bump 4.5.0 -> 4.5.1 (no changes needed) - set minimal ilmbase lib to v2.5.4 -- Matteo F. Vescovi <mfv@debian.org> Thu, 21 Jan 2021 23:24:00 +0100 openexr (2.5.3-2) unstable; urgency=medium * Upload to unstable (Closes: #959444) -- Matteo F. Vescovi <mfv@debian.org> Fri, 21 Aug 2020 22:56:55 +0200 openexr (2.5.3-1) experimental; urgency=medium * New upstream release -- Matteo F. Vescovi <mfv@debian.org> Fri, 14 Aug 2020 20:54:17 +0200 openexr (2.5.2-2) experimental; urgency=medium * debian/control: strict versioning against libilmbase-dev -- Matteo F. Vescovi <mfv@debian.org> Thu, 06 Aug 2020 20:18:22 +0200 openexr (2.5.2-1) experimental; urgency=medium * New upstream release -- Matteo F. Vescovi <mfv@debian.org> Thu, 06 Aug 2020 17:38:22 +0200 openexr (2.5.1-2) experimental; urgency=medium * debian/rules: drop tests on all architectures -- Matteo F. Vescovi <mfv@debian.org> Fri, 12 Jun 2020 20:36:27 +0200 openexr (2.5.1-1) experimental; urgency=medium * New upstream release (Closes: #960439) - debian/control: SONAME bump 24 -> 25 * debian/rules: set cmake as build system -- Matteo F. Vescovi <mfv@debian.org> Thu, 21 May 2020 23:05:36 +0200 openexr (2.5.0-1) experimental; urgency=medium * New upstream release, fixing following security issues: + CVE-2020-11758: | An issue was discovered in OpenEXR before 2.4.1. There is an out-of- | bounds read in ImfOptimizedPixelReading.h. + CVE-2020-11759: | An issue was discovered in OpenEXR before 2.4.1. Because of integer | overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and | readSampleCountForLineBlock, an attacker can write to an out-of-bounds | pointer. + CVE-2020-11760: | An issue was discovered in OpenEXR before 2.4.1. There is an out-of- | bounds read during RLE uncompression in rleUncompress in ImfRle.cpp. + CVE-2020-11761: | An issue was discovered in OpenEXR before 2.4.1. There is an out-of- | bounds read during Huffman uncompression, as demonstrated by | FastHufDecoder::refill in ImfFastHuf.cpp. + CVE-2020-11762: | An issue was discovered in OpenEXR before 2.4.1. There is an out-of- | bounds read and write in DwaCompressor::uncompress in | ImfDwaCompressor.cpp when handling the UNKNOWN compression case. + CVE-2020-11763: | An issue was discovered in OpenEXR before 2.4.1. There is an | std::vector out-of-bounds read and write, as demonstrated by | ImfTileOffsets.cpp. + CVE-2020-11764: | An issue was discovered in OpenEXR before 2.4.1. There is an out-of- | bounds write in copyIntoFrameBuffer in ImfMisc.cpp. + CVE-2020-11765: | An issue was discovered in OpenEXR before 2.4.1. There is an off-by- | one error in use of the ImfXdr.h read function by | DwaCompressor::Classifier::Classifier, leading to an out-of-bounds | read. * debian/watch: upstream URL updated * debian/control: - S-V bump 4.4.0 -> 4.5.0 (no changes needed) - RRR set - debhelper bump 12 -> 13 - cmake b-dep added * debian/patches/: patchset refreshed against v2.5.0 * debian/copyright: entries updated and refreshed * debian/libopenexr-dev.install: useless files dropped * debian/libopenexr-dev.dirs: useless file dropped * debian/openexr-doc.docs: installation path updated * debian/openexr.install: executables path updated * debian/libopenexr-dev.install: cmake helpers added * debian/openexr-doc.examples: installation paths updated -- Matteo F. Vescovi <mfv@debian.org> Mon, 11 May 2020 16:33:24 +0200 openexr (2.3.0-6) unstable; urgency=medium * Upload to unstable (Closes: #919036) * debian/: debhelper bump 11 -> 12 * debian/control: S-V bump 4.3.0 -> 4.4.0 (no changes needed) -- Matteo F. Vescovi <mfv@debian.org> Mon, 02 Sep 2019 16:23:00 +0200 # Older entries have been removed from this changelog. # To read the complete changelog use `apt changelog libopenexr-3-1-30`.
Generated by dwww version 1.15 on Sun Jun 16 02:26:39 CEST 2024.