openSUSE has issued an advisory on August 19: https://lists.opensuse.org/opensuse-updates/2019-08/msg00141.html Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
Assigning this globally as the package has no registered maintainer.
Assignee: bugsquad => pkg-bugs
Done for both mga7 and Cauldron!
CC: (none) => geiger.david68210
Suggested advisory: ======================== The updated packages fix a security vulnerability: Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. (CVE-2017-14988) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14988 https://lists.opensuse.org/opensuse-updates/2019-08/msg00141.html ======================== Updated packages in core/updates_testing: ======================== openexr-2.3.0-2.1.mga7 lib(64)ilmimf2_3_24-2.3.0-2.1.mga7 lib(64)openexr-devel-2.3.0-2.1.mga7 from SRPMS: openexr-2.3.0-2.1.mga7.src.rpm
Version: Cauldron => 7CC: (none) => nicolas.salgueroAssignee: pkg-bugs => qa-bugsWhiteboard: MGA7TOO => (none)Status: NEW => ASSIGNEDCVE: (none) => CVE-2017-14988
MGA7-64 Plasma on Lenovo B50 No installation issues. Ref to bug 20192 Comment 9 for test files and bug 24759 for a few commands. Some progress as I now find out that the files can be viewed in okular and gwenview. So from LuminanceChroma folder: $ exrheader MtTamNorth.exr file MtTamNorth.exr: file format version: 2, flags 0x0 channels (type chlist): BY, 16-bit floating-point, sampling 2 2 RY, 16-bit floating-point, sampling 2 2 Y, 16-bit floating-point, sampling 1 1 compression (type compression): piz dataWindow (type box2i): (0 0) - (1197 795) displayWindow (type box2i): (0 0) - (1197 795) lineOrder (type lineOrder): increasing y owner (type string): "Copyright 2004 Industrial Light & Magic" pixelAspectRatio (type float): 1 preview (type preview): 100 by 66 pixels screenWindowCenter (type v2f): (0 0) screenWindowWidth (type float): 1 type (type string): "scanlineimage" and $ exrmakepreview MtTamNorth.exr test.exr the file test.exr displays same as original file in okular and gwenview and $ exrheader test.exr file test.exr: file format version: 2, flags 0x0 channels (type chlist): BY, 16-bit floating-point, sampling 2 2 RY, 16-bit floating-point, sampling 2 2 Y, 16-bit floating-point, sampling 1 1 compression (type compression): piz dataWindow (type box2i): (0 0) - (1197 795) displayWindow (type box2i): (0 0) - (1197 795) lineOrder (type lineOrder): increasing y owner (type string): "Copyright 2004 Industrial Light & Magic" pixelAspectRatio (type float): 1 preview (type preview): 100 by 66 pixels screenWindowCenter (type v2f): (0 0) screenWindowWidth (type float): 1 type (type string): "scanlineimage" which is also the same, and that could be expected as $ exrmakepreview -h usage: exrmakepreview [options] infile outfile Reads an OpenEXR image from infile, generates a preview image, adds it to the image's header, and saves the result in outfile. Infile and outfile must not refer to the same file (the program cannot edit an image file "in place"). Good enough for me.
Whiteboard: (none) => MGA7-64-OKCC: (none) => herman.viaene
Keywords: (none) => advisory, validated_updateCC: (none) => tmb, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0373.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED