Path to this page:
Subject: CVS commit: pkgsrc/graphics/openexr
From: Thomas Klausner
Date: 2024-02-25 16:56:52
Message id: 20240225155652.7A548FA27@cvs.NetBSD.org
Log Message:
openexr: update to 3.2.2.
## Version 3.2.2 (February 11, 2024)
Patch release that addresses
[CVE-2023-5841](https://takeonme.org/cves/CVE-2023-5841.html).
Note that this bug is present in the C++ API (since v3.1.0), although
it is in a routine that is predominantly used for development and
testing. It is not likely to appear in production code.
This release also addresses:
* OSS-fuzz [66491](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66491)
Out-of-memory in openexr_exrcorecheck_fuzzer
* OSS-fuzz [66489](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66489)
Null-dereference in `Imf_3_3::realloc_deepdata`
### Merged Pull Requests
* [1632](https://github.com/AcademySoftwareFoundation/openexr/pull/1632)
adjust checks for core to better match c++ checks
* [1630](https://github.com/AcademySoftwareFoundation/openexr/pull/1630)
fix issue with unpacking sample counts
* [1627](https://github.com/AcademySoftwareFoundation/openexr/pull/1627)
Fix CVE 2023 5841
Files: