CVE-2017-9111

Note

see suse bug for reproducer with exrmakepreview
first patch in upstream bug doesn't cover this CVE

The patch for this issue was dropped during the focal
development cycle by mistake.

Package	Release	Status
openexr Launchpad, Ubuntu, Debian	artful	Ignored (reached end-of-life)
	bionic	Released (2.2.0-11.1ubuntu1.1)
	cosmic	Ignored (reached end-of-life)
	disco	Released (2.2.1-4.1ubuntu0.1)
	eoan	Released (2.2.1-4.1ubuntu0.1)
	focal	Released (2.3.0-6ubuntu0.1)
	precise	Does not exist
	trusty	Does not exist (trusty was deferred [2019-05-27])
	upstream	Needs triage
	xenial	Released (2.2.0-10ubuntu2.1)
	zesty	Ignored (reached end-of-life)
	Patches: upstream: https://github.com/openexr/openexr/commit/4aa6a4e0fcd52b220c71807307b9139966c3644c (2.4) upstream: https://github.com/openexr/openexr/commit/6a41400b47d574a5fc6133b9a7139bcd7b59d585 (2.4) upstream: https://github.com/openexr/openexr/commit/119eb2d4672e5c77a79929758f7e4c566f47c794 (2.4) upstream: https://github.com/openexr/openexr/commit/45f9912e6cfa0617ec2054d96d1e1e73fad4a62a (2.3) upstream: https://github.com/openexr/openexr/commit/a7eec54765e9122b78a6c34bb9d5bf744631bea2 (2.3) upstream: https://github.com/openexr/openexr/commit/ec64836c2312b13034149acab499c112bd289cd9 (2.3)

Notes