Your message dated Sun, 16 Feb 2025 17:49:35 +0000
with message-id <[email protected]>
and subject line Bug#1094398: fixed in openimageio 2.5.18.0+dfsg-1
has caused the Debian Bug report #1094398,
regarding openimageio: CVE-2024-55192
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1094398: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094398
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: openimageio
Version: 2.5.16.0+dfsg-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/AcademySoftwareFoundation/OpenImageIO/issues/4550
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for openimageio.

CVE-2024-55192[0]:
| OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow
| via the component
| OpenImageIO_v3_1_0::farmhash::inlined::Fetch64(char const*).


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-55192
    https://www.cve.org/CVERecord?id=CVE-2024-55192
[1] https://github.com/AcademySoftwareFoundation/OpenImageIO/issues/4550
[2] https://github.com/AcademySoftwareFoundation/OpenImageIO/commit/57de4554d119a9adab8ef5c51ff7841fb6f97041

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: openimageio
Source-Version: 2.5.18.0+dfsg-1
Done: Matteo F. Vescovi <[email protected]>

We believe that the bug you reported is fixed in the latest version of
openimageio, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matteo F. Vescovi <[email protected]> (supplier of updated openimageio package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 16 Feb 2025 17:33:32 +0100
Source: openimageio
Architecture: source
Version: 2.5.18.0+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PhotoTools Maintainers <[email protected]>
Changed-By: Matteo F. Vescovi <[email protected]>
Closes: 1094398 1094408 1094410 1094411
Changes:
 openimageio (2.5.18.0+dfsg-1) unstable; urgency=medium
 .
   * New upstream release
     (Closes: #1094398, #1094408, #1094410, #1094411)
     This release addresses the following security issues:
     CVE-2024-55192, CVE-2024-55193, CVE-2024-55194, CVE-2024-55195


--- End Message ---