Overview

File _patchinfo of Package patchinfo.12771

<patchinfo incident="12771">
  <issue tracker="cve" id="2020-11761"/>
  <issue tracker="cve" id="2020-11760"/>
  <issue tracker="cve" id="2020-11763"/>
  <issue tracker="cve" id="2020-11758"/>
  <issue tracker="cve" id="2020-11765"/>
  <issue tracker="cve" id="2020-11762"/>
  <issue tracker="cve" id="2020-11764"/>
  <issue tracker="bnc" id="1169549">VUL-1: CVE-2020-11762: openexr: out-of-bounds read and write in DwaCompressor:uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case</issue>
  <issue tracker="bnc" id="1169575">VUL-1: CVE-2020-11765: OpenEXR,openexr: off-by-one error in use of the ImfXdr.h read function by DwaCompressor:Classifier:Classifier</issue>
  <issue tracker="bnc" id="1146648">Please enable automatic testsuite during build of openexr</issue>
  <issue tracker="bnc" id="1169578">VUL-1: CVE-2020-11761: OpenEXR,openexr: out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder:refill in ImfFastHuf.cpp</issue>
  <issue tracker="bnc" id="1169576">VUL-1: CVE-2020-11763: OpenEXR,openexr: out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp</issue>
  <issue tracker="bnc" id="1169580">VUL-1: CVE-2020-11760: OpenEXR,openexr: out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp</issue>
  <issue tracker="bnc" id="1169573">VUL-1: CVE-2020-11758: OpenEXR,openexr: out-of-bounds read in ImfOptimizedPixelReading.h.</issue>
  <issue tracker="bnc" id="1169574">VUL-1: CVE-2020-11764: OpenEXR,openexr:  out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp</issue>
  <packager>pgajdos</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for openexr</summary>
  <description>This update for openexr provides the following fix:

Security issues fixed:

- CVE-2020-11765: Fixed an off-by-one error in use of the ImfXdr.h read function by DwaCompressor:Classifier:Classifier (bsc#1169575).
- CVE-2020-11764: Fixed an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp (bsc#1169574).
- CVE-2020-11763: Fixed an out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp (bsc#1169576).
- CVE-2020-11762: Fixed an out-of-bounds read and write in DwaCompressor:uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case (bsc#1169549).
- CVE-2020-11761: Fixed an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder:refill in ImfFastHuf.cpp (bsc#1169578).
- CVE-2020-11760: Fixed an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp (bsc#1169580).
- CVE-2020-11758: Fixed an out-of-bounds read in ImfOptimizedPixelReading.h (bsc#1169573).

Non-security issue fixed:

- Enable tests when building the package on x86_64. (bsc#1146648)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places