openexr (3.1.5-5) unstable; urgency=medium
* Team upload.
[ Andreas Metzler ]
* Make versioning of libilmbase-dev Breaks/Replaces binNMU-safe.
(Closes: #1033617)
[ Matteo F. Vescovi ]
* debian/control: S-V bump 4.6.1 -> 4.6.2 (no changes needed)
-- Matteo F. Vescovi <mfv@debian.org> Sun, 23 Apr 2023 18:46:33 +0200
openexr (3.1.5-4) unstable; urgency=medium
* d/control: Add missing zlib1g-dev dependency. Closes: #1017516
* d/control: Run wrap-and-sort
* d/control: Bump Std-Vers to 4.6.1 no changes needed
-- Mathieu Malaterre <malat@debian.org> Wed, 17 Aug 2022 12:44:50 +0200
openexr (3.1.5-3) unstable; urgency=medium
* d/control: Add missing Breaks/Replaces on libilmbase-dev. Closes: #1009308
-- Mathieu Malaterre <malat@debian.org> Wed, 17 Aug 2022 09:32:51 +0200
openexr (3.1.5-2) unstable; urgency=medium
* Upload to unstable.
-- Mathieu Malaterre <malat@debian.org> Tue, 16 Aug 2022 18:52:29 +0200
openexr (3.1.5-1) experimental; urgency=medium
* Team upload.
[ Mathieu Malaterre ]
* d/rules: Do not always build documentation
[ Matteo F. Vescovi ]
* New upstream release
* debian/control: drop myself from Uploaders
-- Matteo F. Vescovi <mfv@debian.org> Thu, 28 Apr 2022 00:02:26 +0200
openexr (3.1.4-1) experimental; urgency=medium
* New upstream release
-- Matteo F. Vescovi <mfv@debian.org> Fri, 04 Feb 2022 00:00:31 +0100
openexr (3.1.3-2) experimental; urgency=medium
* debian/control: move Indep deps to Arch-dependent
-- Matteo F. Vescovi <mfv@debian.org> Fri, 03 Dec 2021 21:59:58 +0100
openexr (3.1.3-1) experimental; urgency=medium
* New upstream release
- debian/: SONAME bump 2 -> 3
- debian/patches/: patchset dropped (obsolete)
* debian/control:
- S-V bump 4.5.1 -> 4.6.0 (no changes needed)
- Homepage field updated
* debian/: documentation files re-worked massively
* debian/rules: script simplified
* debian/upstream/metadata: new file added
* debian/copyright: entries updated
* debian/libopenexr25.lintian-overrides: file dropped
* debian/openexr.maintscript: file dropped
* debian/libopenexr-dev.maintscript: file dropped
-- Matteo F. Vescovi <mfv@debian.org> Wed, 24 Nov 2021 14:23:19 +0100
openexr (2.5.7-1) unstable; urgency=medium
* New upstream release
- debian/control: bump libilmbase-dev version
- debian/patches/series: drop CVE-2021-23169.diff
(applied upstream)
This release addresses following security issues:
+ CVE-2021-26260 and CVE-2021-23215
| An integer overflow leading to a heap-buffer overflow
| was found in the DwaCompressor of OpenEXR in versions
| before 3.0.1. An attacker could use this flaw to crash
| an application compiled with OpenEXR.
+ CVE-2021-3605 and CVE-2021-3598
| There's a flaw in OpenEXR's rleUncompress functionality
| in versions prior to 3.0.5. An attacker who is able to
| submit a crafted file to an application linked with
| OpenEXR could cause an out-of-bounds read.
| The greatest risk from this flaw is to application
| availability.
* debian/watch: change path and narrow down search
-- Matteo F. Vescovi <mfv@debian.org> Sat, 28 Aug 2021 22:20:22 +0200
openexr (2.5.4-2) unstable; urgency=high
* debian/patches/: patchset updated
- CVE-2021-23169.diff added (Closes: #988240)
| This patch aims to fix CVE-2021-23169:
| Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer
| The patch applied is a reduced version of the upstream
| commit, given the code base has changed in the meanwhile.
-- Matteo F. Vescovi <mfv@debian.org> Tue, 18 May 2021 23:26:12 +0200
openexr (2.5.4-1) unstable; urgency=medium
* New upstream release
* debian/watch: parameters updated
* debian/control:
- S-V bump 4.5.0 -> 4.5.1 (no changes needed)
- set minimal ilmbase lib to v2.5.4
-- Matteo F. Vescovi <mfv@debian.org> Thu, 21 Jan 2021 23:24:00 +0100
openexr (2.5.3-2) unstable; urgency=medium
* Upload to unstable (Closes: #959444)
-- Matteo F. Vescovi <mfv@debian.org> Fri, 21 Aug 2020 22:56:55 +0200
openexr (2.5.3-1) experimental; urgency=medium
* New upstream release
-- Matteo F. Vescovi <mfv@debian.org> Fri, 14 Aug 2020 20:54:17 +0200
openexr (2.5.2-2) experimental; urgency=medium
* debian/control: strict versioning against libilmbase-dev
-- Matteo F. Vescovi <mfv@debian.org> Thu, 06 Aug 2020 20:18:22 +0200
openexr (2.5.2-1) experimental; urgency=medium
* New upstream release
-- Matteo F. Vescovi <mfv@debian.org> Thu, 06 Aug 2020 17:38:22 +0200
openexr (2.5.1-2) experimental; urgency=medium
* debian/rules: drop tests on all architectures
-- Matteo F. Vescovi <mfv@debian.org> Fri, 12 Jun 2020 20:36:27 +0200
openexr (2.5.1-1) experimental; urgency=medium
* New upstream release (Closes: #960439)
- debian/control: SONAME bump 24 -> 25
* debian/rules: set cmake as build system
-- Matteo F. Vescovi <mfv@debian.org> Thu, 21 May 2020 23:05:36 +0200
openexr (2.5.0-1) experimental; urgency=medium
* New upstream release, fixing following security issues:
+ CVE-2020-11758:
| An issue was discovered in OpenEXR before 2.4.1. There is an out-of-
| bounds read in ImfOptimizedPixelReading.h.
+ CVE-2020-11759:
| An issue was discovered in OpenEXR before 2.4.1. Because of integer
| overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and
| readSampleCountForLineBlock, an attacker can write to an out-of-bounds
| pointer.
+ CVE-2020-11760:
| An issue was discovered in OpenEXR before 2.4.1. There is an out-of-
| bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.
+ CVE-2020-11761:
| An issue was discovered in OpenEXR before 2.4.1. There is an out-of-
| bounds read during Huffman uncompression, as demonstrated by
| FastHufDecoder::refill in ImfFastHuf.cpp.
+ CVE-2020-11762:
| An issue was discovered in OpenEXR before 2.4.1. There is an out-of-
| bounds read and write in DwaCompressor::uncompress in
| ImfDwaCompressor.cpp when handling the UNKNOWN compression case.
+ CVE-2020-11763:
| An issue was discovered in OpenEXR before 2.4.1. There is an
| std::vector out-of-bounds read and write, as demonstrated by
| ImfTileOffsets.cpp.
+ CVE-2020-11764:
| An issue was discovered in OpenEXR before 2.4.1. There is an out-of-
| bounds write in copyIntoFrameBuffer in ImfMisc.cpp.
+ CVE-2020-11765:
| An issue was discovered in OpenEXR before 2.4.1. There is an off-by-
| one error in use of the ImfXdr.h read function by
| DwaCompressor::Classifier::Classifier, leading to an out-of-bounds
| read.
* debian/watch: upstream URL updated
* debian/control:
- S-V bump 4.4.0 -> 4.5.0 (no changes needed)
- RRR set
- debhelper bump 12 -> 13
- cmake b-dep added
* debian/patches/: patchset refreshed against v2.5.0
* debian/copyright: entries updated and refreshed
* debian/libopenexr-dev.install: useless files dropped
* debian/libopenexr-dev.dirs: useless file dropped
* debian/openexr-doc.docs: installation path updated
* debian/openexr.install: executables path updated
* debian/libopenexr-dev.install: cmake helpers added
* debian/openexr-doc.examples: installation paths updated
-- Matteo F. Vescovi <mfv@debian.org> Mon, 11 May 2020 16:33:24 +0200
openexr (2.3.0-6) unstable; urgency=medium
* Upload to unstable (Closes: #919036)
* debian/: debhelper bump 11 -> 12
* debian/control: S-V bump 4.3.0 -> 4.4.0 (no changes needed)
-- Matteo F. Vescovi <mfv@debian.org> Mon, 02 Sep 2019 16:23:00 +0200
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog libopenexr-3-1-30`.
Generated by dwww version 1.15 on Sun Jun 16 02:26:39 CEST 2024.