[Bug 1205031] VUL-0: CVE-2022-41639,CVE-2022-41988: OpenImageIO: TIFF: buffer overflow when processing corrupted CMYK files
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
https://bugzilla.suse.com/show_bug.cgi?id=1205031
https://bugzilla.suse.com/show_bug.cgi?id=1205031#c4
--- Comment #4 from Hans-Peter Jansen
(In reply to Hans-Peter Jansen from comment #2)
Hi Carlos,
since you created all these bugs against OpenImageIO today, I've started updating OpenImageIO to 2.4.5.0 in my home project, and will commit https://build.opensuse.org/request/show/1033496 upon successful tests.
Is there any (newer) issue dangling after this update?
Thanks! I don't think so, that would be all of them.
Just a heads up: the new OIIO build requires an OSL update in order to not fail with some obscure build failure there: [ 95s] /home/abuild/rpmbuild/BUILD/OpenShadingLanguage-1.12.6.2/build/src/testshade/testshade_llvm_compiled_rs.bc.cpp:34437:6: error: expected primary-expression at end of input [ 95s] 34437 | 0x73, [ 95s] | ^ [ 95s] /home/abuild/rpmbuild/BUILD/OpenShadingLanguage-1.12.6.2/build/src/testshade/testshade_llvm_compiled_rs.bc.cpp:34437:6: error: expected '}' at end of input [ 95s] /home/abuild/rpmbuild/BUILD/OpenShadingLanguage-1.12.6.2/build/src/testshade/testshade_llvm_compiled_rs.bc.cpp:2:52: note: to match this '{' [ 95s] 2 | unsigned char testshade_llvm_compiled_rs_block[] = { [ 95s] | ^ [ 95s] make[2]: *** [src/testshade/CMakeFiles/testshade.dir/build.make:255: src/testshade/CMakeFiles/testshade.dir/testshade_llvm_compiled_rs.bc.cpp.o] Error 1 [ 95s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/OpenShadingLanguage-1.12.6.2/build' [ 95s] make[2]: *** Waiting for unfinished jobs.... I prepared: https://build.opensuse.org/request/show/1033529 https://build.opensuse.org/request/show/1033582 now, but since OBS is under fire, it will take some time to succeed the build in my home project to be able to do proper testing. Will check for it tomorrow, and if all went well, commit the SRs. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com