Version in base suite: 1.6.1-3 Version in overlay suite: (not present) Base version: openexr_1.6.1-3 Target version: openexr_1.6.1-3+lenny3 Base file: /org/ftp.debian.org/ftp/pool/main/o/openexr/openexr_1.6.1-3.dsc Target file: /org/ftp.debian.org/queue/p-u-new/openexr_1.6.1-3+lenny3.dsc debian/patches/CVE-2009-1720-1.diff | 22 ++++++++ debian/patches/CVE-2009-1720-2.diff | 81 +++++++++++++++++++++++++++++++++ debian/patches/CVE-2009-1721.diff | 12 ++++ debian/patches/disable_ilmimftest.diff | 22 ++++++++ openexr-1.6.1/debian/changelog | 30 ++++++++++++ openexr-1.6.1/debian/control | 4 - openexr-1.6.1/debian/patches/series | 4 + 7 files changed, 173 insertions(+), 2 deletions(-) diff -u openexr-1.6.1/debian/control openexr-1.6.1/debian/control --- openexr-1.6.1/debian/control +++ openexr-1.6.1/debian/control @@ -1,10 +1,10 @@ Source: openexr Section: graphics Priority: optional -Maintainer: Adeodato Simó +Maintainer: Debian PhotoTools Maintainers Build-Depends: autotools-dev, cdbs, debhelper, dh-buildinfo, quilt, libilmbase-dev, zlib1g-dev Standards-Version: 3.7.3 -Uploaders: Andrew Lau +Uploaders: Cyril Brulebois Homepage: http://www.openexr.com Vcs-Git: git://git.debian.org/git/collab-maint/openexr.git Vcs-Browser: http://git.debian.org/?p=collab-maint/openexr.git diff -u openexr-1.6.1/debian/changelog openexr-1.6.1/debian/changelog --- openexr-1.6.1/debian/changelog +++ openexr-1.6.1/debian/changelog 
@@ -1,3 +1,33 @@ +openexr (1.6.1-3+lenny3) stable-security; urgency=low + + * Rebuild with the right distribution, meh. :) + + -- Cyril Brulebois Mon, 27 Jul 2009 23:07:26 +0200 + +openexr (1.6.1-3+lenny2) stable; urgency=low + + * Rebuild to ensure the security upload finally appears. + + -- Cyril Brulebois Sun, 26 Jul 2009 03:16:06 +0200 + +openexr (1.6.1-3+lenny1) stable; urgency=low + + * Security update for the following CVEs: + - CVE-2009-1720 (Integer overflows in Imf::PreviewImage::PreviewImage + and integer overflows in compressor constructors): + - debian/patches/CVE-2009-1720-1.diff + - debian/patches/CVE-2009-1720-2.diff + - CVE-2009-1721 (Fix freeing uninitialized pointers in + Imf::hufUncompress): + - debian/patches/CVE-2009-1721.diff + In addition to the proposed fixes, add a include for files + where limits are used to detect possible overflows. + * Update Maintainer/Uploaders, that's a maintainer upload. + * Disable IlmImfTest for now since it's giving headaches on hppa and + sparc. + + -- Cyril Brulebois Sat, 25 Jul 2009 21:12:39 +0200 + openexr (1.6.1-3) unstable; urgency=medium * Disable (hopefully temporarily) the test suite on arm and ia64. diff -u openexr-1.6.1/debian/patches/series openexr-1.6.1/debian/patches/series --- openexr-1.6.1/debian/patches/series +++ openexr-1.6.1/debian/patches/series @@ -1,0 +2,4 @@ +CVE-2009-1720-1.diff +CVE-2009-1720-2.diff +CVE-2009-1721.diff +disable_ilmimftest.diff only in patch2: unchanged: --- openexr-1.6.1.orig/debian/patches/CVE-2009-1721.diff +++ openexr-1.6.1/debian/patches/CVE-2009-1721.diff 
@@ -0,0 +1,12 @@ +Fix freeing uninitialized pointers in Imf::hufUncompress, CVE-2009-1721. +--- a/IlmImf/ImfAutoArray.h ++++ b/IlmImf/ImfAutoArray.h +@@ -57,7 +57,7 @@ namespace Imf { + { + public: + +- AutoArray (): _data (new T [size]) {} ++ AutoArray (): _data (new T [size]) {memset(_data, 0, size * sizeof(T));} + ~AutoArray () {delete [] _data;} + + operator T * () {return _data;} only in patch2: unchanged: --- openexr-1.6.1.orig/debian/patches/disable_ilmimftest.diff +++ openexr-1.6.1/debian/patches/disable_ilmimftest.diff @@ -0,0 +1,22 @@ +--- a/Makefile.am ++++ b/Makefile.am +@@ -5,7 +5,7 @@ + ACLOCAL_AMFLAGS = -I m4 + + SUBDIRS = config IlmImf \ +- IlmImfTest IlmImfFuzzTest exrheader exrmaketiled IlmImfExamples doc \ ++ IlmImfFuzzTest exrheader exrmaketiled IlmImfExamples doc \ + exrstdattr exrmakepreview exrenvmap + + DIST_SUBDIRS = \ +--- a/Makefile.in ++++ b/Makefile.in +@@ -203,7 +203,7 @@ target_alias = @target_alias@ + # (an alternative to the acinclude.m4 mechanism) + ACLOCAL_AMFLAGS = -I m4 + SUBDIRS = config IlmImf \ +- IlmImfTest IlmImfFuzzTest exrheader exrmaketiled IlmImfExamples doc \ ++ IlmImfFuzzTest exrheader exrmaketiled IlmImfExamples doc \ + exrstdattr exrmakepreview exrenvmap + + DIST_SUBDIRS = \ only in patch2: unchanged: --- openexr-1.6.1.orig/debian/patches/CVE-2009-1720-2.diff +++ openexr-1.6.1/debian/patches/CVE-2009-1720-2.diff 
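Review bot: The memset added to AutoArray's constructor needs a declaration of memset (`<string.h>`/`<cstring>`), and this hunk adds no include to ImfAutoArray.h, so the header now depends on whoever includes it having pulled that in first; it also assumes T is trivially copyable, which a generic template cannot promise. Value-initialising the array zeroes pointer and scalar elements with no extra include and stays well-defined for class types: `AutoArray (): _data (new T [size] ()) {}`. The CVE fix itself relies on the zeroed pointers making the later `delete []` in hufUncompress a no-op on the early-exit path; that caller is outside this hunk, so it is worth confirming no element is freed before being assigned for any other reason.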
@@ -0,0 +1,81 @@ +Fix integer overflows in compressor constructors, CVE-2009-1720 [2/2]. +--- a/IlmImf/ImfPizCompressor.cpp ++++ b/IlmImf/ImfPizCompressor.cpp +@@ -53,6 +53,7 @@ + #include + #include + #include ++#include + + namespace Imf { + +@@ -181,6 +182,9 @@ PizCompressor::PizCompressor + _channels (hdr.channels()), + _channelData (0) + { ++ if ((unsigned) maxScanLineSize > (INT_MAX - 65536 - 8192) / (unsigned) numScanLines) ++ throw InputExc ("Error: maxScanLineSize * numScanLines would overflow."); ++ + _tmpBuffer = new unsigned short [maxScanLineSize * numScanLines / 2]; + _outBuffer = new char [maxScanLineSize * numScanLines + 65536 + 8192]; + +--- a/IlmImf/ImfPxr24Compressor.cpp ++++ b/IlmImf/ImfPxr24Compressor.cpp +@@ -73,6 +73,7 @@ + #include + #include + #include ++#include + + using namespace std; + using namespace Imath; +@@ -187,6 +188,9 @@ Pxr24Compressor::Pxr24Compressor (const + { + int maxInBytes = maxScanLineSize * numScanLines; + ++ if ((unsigned) maxScanLineSize > INT_MAX / (unsigned) numScanLines) ++ throw Iex::InputExc ("Error: maxScanLineSize * numScanLines would overflow."); ++ + _tmpBuffer = new unsigned char [maxInBytes]; + _outBuffer = new char [int (ceil (maxInBytes * 1.01)) + 100]; + +--- a/IlmImf/ImfRleCompressor.cpp ++++ b/IlmImf/ImfRleCompressor.cpp +@@ -41,6 +41,7 @@ + //----------------------------------------------------------------------------- + + #include ++#include + #include "Iex.h" + + namespace Imf { +@@ -164,6 +165,9 @@ RleCompressor::RleCompressor (const Head + _tmpBuffer (0), + _outBuffer (0) + { ++ if ((unsigned) maxScanLineSize > INT_MAX / 3) ++ throw Iex::InputExc ("Error: maxScanLineSize * 3 would overflow"); ++ + _tmpBuffer = new char [maxScanLineSize]; + _outBuffer = new char [maxScanLineSize * 3 / 2]; + } +--- a/IlmImf/ImfZipCompressor.cpp ++++ b/IlmImf/ImfZipCompressor.cpp +@@ -43,6 +43,7 @@ + #include + #include "Iex.h" + #include ++#include + + namespace Imf { + +@@ -58,6 +59,9 @@ 
ZipCompressor::ZipCompressor + _tmpBuffer (0), + _outBuffer (0) + { ++ if ((unsigned) maxScanLineSize > INT_MAX / (unsigned) numScanLines) ++ throw Iex::InputExc ("Error: maxScanLineSize * numScanLines would overflow."); ++ + _tmpBuffer = + new char [maxScanLineSize * numScanLines]; + only in patch2: unchanged: --- openexr-1.6.1.orig/debian/patches/CVE-2009-1720-1.diff +++ openexr-1.6.1/debian/patches/CVE-2009-1720-1.diff @@ -0,0 +1,22 @@ +Fix integer overflow in Imf::PreviewImage::PreviewImage, CVE-2009-1720 [1/2]. +--- a/IlmImf/ImfPreviewImage.cpp ++++ b/IlmImf/ImfPreviewImage.cpp +@@ -40,6 +40,7 @@ + //----------------------------------------------------------------------------- + + #include ++#include + #include "Iex.h" + + namespace Imf { +@@ -51,6 +52,10 @@ PreviewImage::PreviewImage (unsigned int + { + _width = width; + _height = height; ++ ++ if ((_height && (_width > UINT_MAX / _height)) || (_width * _height > UINT_MAX / sizeof(PreviewRgba))) ++ throw Iex::ArgExc ("Invalid height and width."); ++ + _pixels = new PreviewRgba [_width * _height]; + + if (pixels)
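Review bot: The overflow guards in PizCompressor, Pxr24Compressor and ZipCompressor divide by `(unsigned) numScanLines`, so a zero scan-line count (if a caller can pass one, which is not visible here) now traps with a division by zero instead of being rejected; testing the divisor first keeps the check total, e.g. `if (numScanLines <= 0 || (unsigned) maxScanLineSize > INT_MAX / (unsigned) numScanLines)`. In Pxr24Compressor the bound is also too loose for the allocation that follows it: the check admits `maxInBytes` up to INT_MAX, but `int (ceil (maxInBytes * 1.01)) + 100` then converts a double above INT_MAX to int, which is undefined, so the limit should be derived from the final size, e.g. `(INT_MAX - 100) / 1.01`. The casts to unsigned are what reject negative sizes, and that deserves a one-line comment such as `// negative sizes wrap to huge unsigned values and are rejected here`. The ZipCompressor constructor body continues past the hunk, so its _outBuffer allocation is not covered by what is visible.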
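Review bot: The two-part condition added to PreviewImage's constructor reads as one opaque test; a comment above the `if` stating what each half rejects would help the next reader, e.g. `// reject dimensions whose pixel count, or the byte size of the pixel array, would wrap`. The first clause guards `_width * _height` and the second guards that product times `sizeof(PreviewRgba)`, and the `_height &&` short-circuit is what keeps the division well-defined when height is zero — the same pattern is missing from the compressor guards in CVE-2009-1720-2.diff. As far as the hunk shows, throwing after `_width`/`_height` are set leaks nothing because `_pixels` is not yet allocated; the constructor body continues beyond the hunk.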