- security update

* CVE-2018-18444 [bsc#1113455] + openexr-CVE-2018-18444.patch OBS-URL: https://build.opensuse.org/package/show/graphics/openexr?expand=0&rev=17
2018-11-07 11:02:53 +00:00 · 2018-11-07 11:02:53 +00:00 · 6c8b6b0f6f
commit 6c8b6b0f6f
parent 80f89c3aff
3 changed files with 22 additions and 0 deletions
--- a/openexr-CVE-2018-18444.patch
+++ b/openexr-CVE-2018-18444.patch
@ -0,0 +1,13 @@
+Index: openexr-2.3.0/exrmultiview/Image.h
+===================================================================
+--- openexr-2.3.0.orig/exrmultiview/Image.h	2018-08-10 03:35:00.000000000 +0200
+++ openexr-2.3.0/exrmultiview/Image.h	2018-11-07 09:07:48.072431858 +0100
+@@ -227,7 +227,7 @@ template <class T>
+ void
+ TypedImageChannel<T>::black ()
+ {
+-    memset(&_pixels[0][0],0,image().width()/_xSampling*image().height()/_ySampling*sizeof(T));
+    memset(&_pixels[0][0],0,image().width()/_xSampling*(image().height()/_ySampling)*sizeof(T));
+ }
+ 
+ 
--- a/openexr.changes
+++ b/openexr.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Nov  7 09:42:59 UTC 2018 - Petr Gajdos <pgajdos@suse.com>
+
+- security update
+  * CVE-2018-18444 [bsc#1113455]
+    + openexr-CVE-2018-18444.patch
+
 -------------------------------------------------------------------
 Tue Nov  6 09:35:55 UTC 2018 - Petr Gajdos <pgajdos@suse.com>

--- a/openexr.spec
+++ b/openexr.spec
@ -35,6 +35,7 @@ Source0:        https://github.com/openexr/openexr/releases/download/v%{version}
 Source1:        https://github.com/openexr/openexr/releases/download/v%{version}/openexr-%{version}.tar.gz.sig
 Source2:        baselibs.conf
 Source3:        openexr.keyring
+Patch0:         openexr-CVE-2018-18444.patch
 BuildRequires:  automake
 BuildRequires:  fltk-devel
 BuildRequires:  freeglut-devel
@ -133,6 +134,7 @@ This package contains documentation.

 %prep
 %setup -q
+%patch0 -p1

 %build
 export PTHREAD_LIBS="-lpthread"