Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package openexr

This new revision aims to fix CVE-2021-23169, regarding the
heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer.

[ Reason ]
Framebuffer didn't handle images with nonzero dataWindow.min.x!=0 and
xSampling!=1. Also, in exrcheck's stream object, calling seekg() with a
bad value would still seek to a bad position, even though it threw an
exception, so a future read would segfault.

[ Impact ]
The fix should handle xsampling and bad seekg() calls in exrcheck, which
weren't managed yet in the previous Debian revision.

[ Tests ]
Tests were made upstream, back in December 2020.

[ Risks ]
Very low risk for regressions.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock openexr/2.5.4-2

-- 
Matteo F. Vescovi || Debian Developer
GnuPG KeyID: 4096R/0x8062398983B2CF7A

diff -Nru openexr-2.5.4/debian/changelog openexr-2.5.4/debian/changelog
--- openexr-2.5.4/debian/changelog 2021-01-21 23:24:00.000000000 +0100
+++ openexr-2.5.4/debian/changelog 2021-05-18 23:26:12.000000000 +0200
@@ -1,3 +1,14 @@
+openexr (2.5.4-2) unstable; urgency=high
+
+ * debian/patches/: patchset updated
+ - CVE-2021-23169.diff added (Closes: #988240)
+ | This patch aims to fix CVE-2021-23169:
+ | Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer
+ | The patch applied is a reduced version of the upstream
+ | commit, given the code base has changed in the meanwhile.
+
+ -- Matteo F. Vescovi <mfv@debian.org> Tue, 18 May 2021 23:26:12 +0200
+
openexr (2.5.4-1) unstable; urgency=medium
* New upstream release
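
Review bot: The new changelog entry says the patch is "a reduced version of the upstream commit" but does not say which parts were kept and which were dropped. Since the entry closes #988240 with urgency=high, name the fixes that were carried over and note why the rest do not apply to 2.5.4, so that someone tracking the CVE can tell from d/changelog alone what this upload covers.
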
diff -Nru openexr-2.5.4/debian/patches/CVE-2021-23169.diff openexr-2.5.4/debian/patches/CVE-2021-23169.diff
--- openexr-2.5.4/debian/patches/CVE-2021-23169.diff 1970-01-01 01:00:00.000000000 +0100
+++ openexr-2.5.4/debian/patches/CVE-2021-23169.diff 2021-05-18 23:21:27.000000000 +0200
@@ -0,0 +1,19 @@
+Author: peterhillman <peterh@wetafx.co.nz>
+Date: Thu Dec 3 10:53:32 2020 +1300
+Subject: Handle xsampling and bad seekg() calls in exrcheck
+Origin: https://github.com/AcademySoftwareFoundation/openexr/pull/872
+Bug-Debian: https://bugs.debian.org/988240
+
+diff --git a/OpenEXR/IlmImf/ImfDeepTiledInputFile.cpp b/OpenEXR/IlmImf/ImfDeepTiledInputFile.cpp
+index f5abe9c6..94452905 100644
+--- a/OpenEXR/IlmImf/ImfDeepTiledInputFile.cpp
++++ b/OpenEXR/IlmImf/ImfDeepTiledInputFile.cpp
+@@ -960,7 +960,7 @@ DeepTiledInputFile::compatibilityInitialize(OPENEXR_IMF_INTERNAL_NAMESPACE::IStr
+ void
+ DeepTiledInputFile::multiPartInitialize(InputPartData* part)
+ {
+- if (isTiled(part->header.type()) == false)
++ if (part->header.type() != DEEPTILE)
+ THROW (IEX_NAMESPACE::ArgExc, "Can't build a DeepTiledInputFile from a part of type " << part->header.type());
+
+ _data->_streamData = part->mutex;
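
Review bot: The Subject header reads "Handle xsampling and bad seekg() calls in exrcheck", but the only change carried in this file is the type check in DeepTiledInputFile::multiPartInitialize, which now rejects any part whose type is not DEEPTILE instead of any part for which isTiled() is false. Nothing here touches xSampling handling or seekg(). Please add a Description field (or amend the Subject) stating what the reduced patch actually does, and confirm that this check alone is what closes the copyIntoFrameBuffer overflow named in the changelog. If other parts of the upstream pull request are needed for that, they should be included here.
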
diff -Nru openexr-2.5.4/debian/patches/series openexr-2.5.4/debian/patches/series
--- openexr-2.5.4/debian/patches/series 2020-05-10 23:13:25.000000000 +0200
+++ openexr-2.5.4/debian/patches/series 2021-05-18 23:03:57.000000000 +0200
@@ -11,3 +11,4 @@
#CVE-2017-911x.patch
am_foreign_set_global.diff
bug909865.patch
+CVE-2021-23169.diff