openimageio_2.5.14.0+dfsg-1_source.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Sun Aug 11 15:15:27 BST 2024
Thank you for your contribution to Debian.
Accepted:
Format: 1.8
Date: Fri, 09 Aug 2024 13:47:44 +0200
Source: openimageio
Architecture: source
Version: 2.5.14.0+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel at lists.alioth.debian.org>
Changed-By: Matteo F. Vescovi <mfv at debian.org>
Closes: 1076772
Changes:
 openimageio (2.5.14.0+dfsg-1) unstable; urgency=medium
 .
   * New upstream release (Closes: #1076772)
     Since v2.5.13.1, it fixes CVE-2024-40630:
     | OpenImageIO is a toolset for reading, writing, and manipulating
     | image files of any image file format relevant to VFX / animation via
     | a format-agnostic API with a feature set, scalability, and
     | robustness needed for feature film production. In affected versions
     | there is a bug in the heif input functionality of OpenImageIO.
     | Specifically, in `HeifInput::seek_subimage()`. In the worst case,
     | this can lead to an information disclosure vulnerability,
     | particularly for programs that directly use the `ImageInput` APIs.
     | This bug has been addressed in commit `0a2dcb4c` which is included
     | in the 2.5.13.1 release. Users are advised to upgrade. There are no
     | known workarounds for this issue.