[Git][security-tracker-team/security-tracker][master] Mark CVE-2017-14988/openexr as unimportant
Salvatore Bonaccorso
carnil at debian.org
Thu Nov 8 14:44:13 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6de06e04 by Salvatore Bonaccorso at 2018-11-08T14:41:59Z
Mark CVE-2017-14988/openexr as unimportant
Analysis of https://github.com/openexr/openexr/issues/248 upstream
indicates this is caused by an improper assumption from ImageMagick and
the security impact is actually negligible at most. Mark as unimportant
and ideally an involved party properly requests a REJECT.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -58935,11 +58935,9 @@ CVE-2017-14989 (A use-after-free in RenderFreetype in MagickCore/annotate.c in .
NOTE: https://github.com/ImageMagick/ImageMagick/commit/97740ccc177ee264e79091fa573d994eb6b05628
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/28bad01242898d7f863deedbfa8502c348293093
CVE-2017-14988 (Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote ...)
- - openexr <unfixed> (bug #878551)
- [stretch] - openexr <no-dsa> (Minor issue)
- [jessie] - openexr <no-dsa> (Minor issue)
- [wheezy] - openexr <postponed> (Should be fixed along in future update)
+ - openexr <unfixed> (bug #878551; unimportant)
NOTE: https://github.com/openexr/openexr/issues/248
+ NOTE: Issue in the use of openexr via ImageMagick, no real security impact
CVE-2017-14987
RESERVED
CVE-2017-14986
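Review bot: The added NOTE line ("Issue in the use of openexr via ImageMagick, no real security impact") records the conclusion but not the reasoning, and it becomes the only justification left in the CVE-2017-14988 entry once the [stretch], [jessie] and [wheezy] lines are dropped. Consider wording it to say that the behaviour stems from an improper assumption on the ImageMagick side, as analysed in the openexr issue 248 referenced by the NOTE directly above it. Since the commit message says a REJECT should ideally be requested, a further NOTE stating that a REJECT has not yet been requested would make sure the entry is revisited later.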
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6de06e045ca1e5bb4db711f2ad005a6f645a87e0
More information about the debian-security-tracker-commits
mailing list