debian/changelog: fixed CVE entries added

Gbp-Dch: Ignore

debian/changelog

 openexr (2.5.0-1) UNRELEASED; urgency=medium
 
-  * New upstream release
+  * New upstream release, fixing following security issues:
+    + CVE-2020-11758:
+    | An issue was discovered in OpenEXR before 2.4.1. There is an out-of-
+    | bounds read in ImfOptimizedPixelReading.h.
+
+    + CVE-2020-11759:
+    | An issue was discovered in OpenEXR before 2.4.1. Because of integer
+    | overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and
+    | readSampleCountForLineBlock, an attacker can write to an out-of-bounds
+    | pointer.
+
+    + CVE-2020-11760:
+    | An issue was discovered in OpenEXR before 2.4.1. There is an out-of-
+    | bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.
+
+    + CVE-2020-11761:
+    | An issue was discovered in OpenEXR before 2.4.1. There is an out-of-
+    | bounds read during Huffman uncompression, as demonstrated by
+    | FastHufDecoder::refill in ImfFastHuf.cpp.
+
+    + CVE-2020-11762:
+    | An issue was discovered in OpenEXR before 2.4.1. There is an out-of-
+    | bounds read and write in DwaCompressor::uncompress in
+    | ImfDwaCompressor.cpp when handling the UNKNOWN compression case.
+
+    + CVE-2020-11763:
+    | An issue was discovered in OpenEXR before 2.4.1. There is an
+    | std::vector out-of-bounds read and write, as demonstrated by
+    | ImfTileOffsets.cpp.
+
+    + CVE-2020-11764:
+    | An issue was discovered in OpenEXR before 2.4.1. There is an out-of-
+    | bounds write in copyIntoFrameBuffer in ImfMisc.cpp.
+
+    + CVE-2020-11765:
+    | An issue was discovered in OpenEXR before 2.4.1. There is an off-by-
+    | one error in use of the ImfXdr.h read function by
+    | DwaCompressor::Classifier::Classifier, leading to an out-of-bounds
+    | read.
+
   * debian/watch: upstream URL updated
 
  -- Matteo F. Vescovi <mfv@debian.org>  Sun, 10 May 2020 20:38:45 +0200