Your message dated Sun, 29 Oct 2023 15:05:44 +0000
with message-id <e1qx7mg-004quj...@fasolo.debian.org>
and subject line Bug#1054873: fixed in openimageio 2.4.16.0+dfsg-1
has caused the Debian Bug report #1054873,
regarding openimageio: CVE-2023-42295
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1054873: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054873
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: openimageio
Version: 2.4.14.0+dfsg-1
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/AcademySoftwareFoundation/OpenImageIO/issues/3947
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for openimageio.

CVE-2023-42295[0]:
| An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to
| execute arbitrary code and cause a denial of service via the
| read_rle_image function of file bifs/unquantize.c


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-42295
    https://www.cve.org/CVERecord?id=CVE-2023-42295
[1] https://github.com/AcademySoftwareFoundation/OpenImageIO/issues/3947
[2] https://github.com/AcademySoftwareFoundation/OpenImageIO/commit/672ed4c445ebefd5581974c27e28ef717fb6c401

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: openimageio
Source-Version: 2.4.16.0+dfsg-1
Done: Matteo F. Vescovi <m...@debian.org>

We believe that the bug you reported is fixed in the latest version of
openimageio, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1054...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matteo F. Vescovi <m...@debian.org> (supplier of updated openimageio package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 29 Oct 2023 14:50:00 +0100
Source: openimageio
Architecture: source
Version: 2.4.16.0+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PhotoTools Maintainers <pkg-phototools-de...@lists.alioth.debian.org>
Changed-By: Matteo F. Vescovi <m...@debian.org>
Closes: 1054873
Changes:
 openimageio (2.4.16.0+dfsg-1) unstable; urgency=medium
 .
   * New upstream release (Closes: #1054873)
   * debian/watch: upstream URL updated

-----BEGIN PGP SIGNATURE-----
Comment: Debian powered!

-----END PGP SIGNATURE-----

--- End Message ---
