Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package openexr for openSUSE:Factory checked in at 2025-11-18 15:29:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openexr (Old)
 and /work/SRC/openSUSE:Factory/.openexr.new.2061 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openexr" Tue Nov 18 15:29:57 2025 rev:68 rq:1317761 version:3.4.3 Changes: -------- --- /work/SRC/openSUSE:Factory/openexr/openexr.changes 2025-10-21 11:15:34.864676584 +0200 +++ /work/SRC/openSUSE:Factory/.openexr.new.2061/openexr.changes 2025-11-18 15:31:21.161944529 +0100 @@ -1,0 +2,21 @@ +Tue Nov 11 09:16:50 UTC 2025 - [email protected] + +- version update to 3.4.3 + * Buffer overflow in PyOpenEXR_old's channels() and channel() in legacy python + * Use after free in PyObject_StealAttrString in legacy python + * Use of Uninitialized Memory in openexr + * Heap-based Buffer Overflow Remote Code Execution Vulnerability + * OSS-fuzz 456158449 Heap-buffer-overflow in generic_unpack + * OSS-fuzz 447429458 Heap-buffer-overflow in DwaCompressor_uncompress + * OSS-fuzz 439237843 Heap-buffer-overflow in internal_exr_undo_ht + * OSS-fuzz 436037111 Heap-buffer-overflow in generic_unpack + * OSS-fuzz 435779241 Heap-buffer-overflow in generic_unpack + * OSS-fuzz 420744464 Abrt in __cxxabiv1::failed_throw + * Fix a bug with re-reading a scanline file with a different set of channels. + * Only populate CMAKE_DEBUG_POSTFIX with _d if it is undefined, which makes + it possible to set CMAKE_DEBUG_POSTFIX="". +- fixes bsc#1253233 (CVE-2025-64181) + bsc#1253234 (CVE-2025-64182) + bsc#1253235 (CVE-2025-64183) + +------------------------------------------------------------------- Old: ---- v3.4.1.tar.gz New: ---- v3.4.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openexr.spec ++++++ --- /var/tmp/diff_new_pack.F83V1D/_old 2025-11-18 15:31:24.050067192 +0100 +++ /var/tmp/diff_new_pack.F83V1D/_new 2025-11-18 15:31:24.054067362 +0100 
@@ -26,7 +26,7 @@ %endif Name: openexr -Version: 3.4.1 +Version: 3.4.3 Release: 0 Summary: Utilities for working with HDR images in OpenEXR format License: BSD-3-Clause ++++++ v3.4.1.tar.gz -> v3.4.3.tar.gz ++++++ /work/SRC/openSUSE:Factory/openexr/v3.4.1.tar.gz /work/SRC/openSUSE:Factory/.openexr.new.2061/v3.4.3.tar.gz differ: char 15, line 1
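Review bot: in the openexr.changes entry, the trailing "fixes" line lists bsc#1253233 (CVE-2025-64181), bsc#1253234 (CVE-2025-64182) and bsc#1253235 (CVE-2025-64183) without saying which of the bullets above each one belongs to; tagging the matching bullet with its CVE and bsc number would let a reader confirm which fix closes which bug. The bullet "Heap-based Buffer Overflow Remote Code Execution Vulnerability" names no function or component, unlike the OSS-fuzz bullets next to it, so it cannot be matched to a code path from this entry alone. The tarball also moves from v3.4.1 to v3.4.3 while the entry says only "version update to 3.4.3"; it is worth stating whether the list covers the intermediate release as well.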
