Sponsored the sync for Antoine:

New changes:
opencolorio (2.5.1+dfsg-1) experimental; urgency=medium

  [ Matteo F. Vescovi ]
  * New upstream release (Closes: #1125416)
    This release addresses CVE-2025-15506:
    | A vulnerability was found in AcademySoftwareFoundation OpenColorIO
    | up to 2.5.0. This issue affects the function
    | ConvertToRegularExpression of the file
    | src/OpenColorIO/FileRules.cpp. Performing a manipulation results in
    | out-of-bounds read. The attack needs to be approached locally. The
    | exploit has been made public and could be used.
  * debian/: SONAME bump 2.1 -> 2.5
  * debian/control:
    - b-dep switch pkg-config -> pkgconf
    - libminizip-ng-dev b-dep added
    - strict versioning for pystring added
    - S-V bump 4.6.1 -> 4.7.3 (no changes needed)
    - Priority field dropped (obsolete)
    - RRR field dropped (obsolete)
  * debian/watch: v4 -> v5 switch
  * debian/python3-pyopencolorio.install: path fixed
  * debian/libopencolorio2.5.lintian-overrides: file dropped (useless)

  [ Jordan Justen ]
  * d/patches: Update patches for v2.5.1
  * d/rules: Stop deleting Findyaml-cpp.cmake.
    Ref: c075bff0 ("Import Debian changes 2.1.2+dfsg1-4.1")

 -- Matteo F. Vescovi <[email protected]>  Sat, 14 Feb 2026 17:26:26 +0100
Sponsoring this sync for Antoine Lassagne (antoinelassagne)

** CVE added: https://cve.org/CVERecord?id=CVE-2025-15506

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2143132

Title:
  [FFE] Debian sync with 2.5.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/opencolorio/+bug/2143132/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
