Control: tags 1094398 + patch
Control: tags 1094398 + pending
Control: tags 1127246 + patch
Control: tags 1127246 + pending

Dear maintainer,

I've prepared an NMU for openimageio (versioned as 2.5.19.1+dfsg-1.1) and uploaded it to DELAYED/15. Please feel free to tell me if I should cancel it.

cu
Adrian

diffstat for openimageio-2.5.19.1+dfsg openimageio-2.5.19.1+dfsg changelog | 9 ++ control | 1 patches/0001-fix-more-ICC-protections-against-invalid-tag-sizes-4.patch | 43 ++++++++++ patches/series | 1 4 files changed, 53 insertions(+), 1 deletion(-) diff -Nru openimageio-2.5.19.1+dfsg/debian/changelog openimageio-2.5.19.1+dfsg/debian/changelog --- openimageio-2.5.19.1+dfsg/debian/changelog 2025-12-31 13:08:24.000000000 +0200 +++ openimageio-2.5.19.1+dfsg/debian/changelog 2026-04-05 09:28:40.000000000 +0300 @@ -1,3 +1,12 @@ +openimageio (2.5.19.1+dfsg-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Remove stale libboost-system-dev build dependency. + (Closes: #1127246) + * CVE-2024-55192: Heap overflow. (Closes: #1094398) + + -- Adrian Bunk <[email protected]> Sun, 05 Apr 2026 09:28:40 +0300 + openimageio (2.5.19.1+dfsg-1) unstable; urgency=medium * Team upload diff -Nru openimageio-2.5.19.1+dfsg/debian/control openimageio-2.5.19.1+dfsg/debian/control --- openimageio-2.5.19.1+dfsg/debian/control 2025-12-31 12:54:58.000000000 +0200 +++ openimageio-2.5.19.1+dfsg/debian/control 2026-04-05 09:28:40.000000000 +0300 @@ -10,7 +10,6 @@ libboost-filesystem-dev, libboost-python-dev, libboost-regex-dev, - libboost-system-dev, libboost-thread-dev, libbz2-dev, libdcmtk-dev, diff -Nru openimageio-2.5.19.1+dfsg/debian/patches/0001-fix-more-ICC-protections-against-invalid-tag-sizes-4.patch openimageio-2.5.19.1+dfsg/debian/patches/0001-fix-more-ICC-protections-against-invalid-tag-sizes-4.patch --- openimageio-2.5.19.1+dfsg/debian/patches/0001-fix-more-ICC-protections-against-invalid-tag-sizes-4.patch 1970-01-01 02:00:00.000000000 +0200 +++ openimageio-2.5.19.1+dfsg/debian/patches/0001-fix-more-ICC-protections-against-invalid-tag-sizes-4.patch 2026-04-05 09:28:40.000000000 +0300 
@@ -0,0 +1,43 @@ +From cbf855e220f2ad71feac58b727139f8aadedcbeb Mon Sep 17 00:00:00 2001 +From: Larry Gritz <[email protected]> +Date: Fri, 20 Dec 2024 11:06:52 -0800 +Subject: fix: more ICC protections against invalid tag sizes (#4565) + +Signed-off-by: Larry Gritz <[email protected]> +--- + src/libOpenImageIO/icc.cpp | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/src/libOpenImageIO/icc.cpp b/src/libOpenImageIO/icc.cpp +index 8dc75f2e9..a4b3022fe 100644 +--- a/src/libOpenImageIO/icc.cpp ++++ b/src/libOpenImageIO/icc.cpp +@@ -319,6 +319,12 @@ decode_icc_profile(cspan<uint8_t> iccdata, ImageSpec& spec, std::string& error) + if (typesignature == "text") { + // For text, the first 4 bytes are "text", the next 4 are 0, then + // byte 8-end are the zero-terminated string itself. ++ if (tag.size < 8) { ++ error = format( ++ "ICC profile tag {} appears to contain corrupted/invalid data", ++ signature); ++ return false; ++ } + spec.attribute(tagname, string_view((const char*)iccdata.data() + + tag.offset + 8, + tag.size - 8)); +@@ -326,6 +332,12 @@ decode_icc_profile(cspan<uint8_t> iccdata, ImageSpec& spec, std::string& error) + // I don't see this in the spec, but I've seen it in practice: + // first 4 bytes are "desc", next 8 are unknown, then 12-end are + // zero-terminated string itself. ++ if (tag.size < 12) { ++ error = format( ++ "ICC profile tag {} appears to contain corrupted/invalid data", ++ signature); ++ return false; ++ } + spec.attribute(tagname, string_view((const char*)iccdata.data() + + tag.offset + 12, + tag.size - 12)); +-- +2.47.3 + diff -Nru openimageio-2.5.19.1+dfsg/debian/patches/series openimageio-2.5.19.1+dfsg/debian/patches/series --- openimageio-2.5.19.1+dfsg/debian/patches/series 1970-01-01 02:00:00.000000000 +0200 +++ openimageio-2.5.19.1+dfsg/debian/patches/series 2026-04-05 09:28:40.000000000 +0300 @@ -0,0 +1 @@ +0001-fix-more-ICC-protections-against-invalid-tag-sizes-4.patch
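Review bot: In the debian/changelog hunk, the entry "CVE-2024-55192: Heap overflow." does not say which patch carries the fix. Naming the added file (0001-fix-more-ICC-protections-against-invalid-tag-sizes-4.patch) and the upstream commit cbf855e220f2 it was taken from would let a reader of the changelog trace the fix without opening the debdiff.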
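Review bot: In the "text" branch of decode_icc_profile() (hunk at -319), the new `tag.size < 8` check keeps `tag.size - 8` from going negative or wrapping, but nothing in the visible lines bounds `tag.offset + tag.size` against the length of iccdata. Please confirm that such a check already runs earlier in the function in 2.5.19.1; if it does not, the string_view built from `iccdata.data() + tag.offset + 8` can still reach past the end of the buffer when a tag declares a large offset or size.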
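Review bot: The `tag.size < 12` check in the "desc" branch (hunk at -326) repeats the six lines added in the "text" branch with only the constant changed, and the error text reports neither the actual tag.size nor the minimum that was expected. That is acceptable for a minimal backport of the upstream commit, but it is worth suggesting upstream that the check become a small helper taking the minimum size, with the observed size included in the message so a rejected profile is easier to triage.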

