[Git][security-tracker-team/security-tracker][master] 3 commits: Triage CVE-2020-16587 in openexr for stretch LTS.
Chris Lamb
lamby at debian.org
Fri Dec 11 10:16:21 GMT 2020
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e152b7e4 by Chris Lamb at 2020-12-11T10:13:56+00:00
Triage CVE-2020-16587 in openexr for stretch LTS.
- - - - -
79950a50 by Chris Lamb at 2020-12-11T10:15:50+00:00
data/dla-needed.txt: Triage openexr for stretch LTS (CVE-2020-16588 CVE-2020-16589).
- - - - -
f13a436b by Chris Lamb at 2020-12-11T10:16:05+00:00
data/dla-needed.txt: Claim openexr.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -32865,6 +32865,7 @@ CVE-2020-16588 (A Null Pointer Deference issue exists in Academy Software Founda
NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/493
CVE-2020-16587 (A heap-based buffer overflow vulnerability exists in Academy Software ...)
- openexr 2.5.3-2
+ [stretch] - openexr <not-affected> (Vulnerable code not present, part number range checking added later)
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/8b5370c688a7362673c3a5256d93695617a4cd9a (v2.4.0-beta.1)
NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/491
CVE-2020-16586
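Review bot: On the added `[stretch]` line, the reason text is ambiguous: "part number range checking added later" can be read as the fix being missing from stretch rather than the vulnerable code being absent. If the intent is that the code needing the check does not exist in the stretch version, say so directly, and consider a NOTE naming the commit or version that introduced it next to the existing fix NOTE, so the <not-affected> decision can be re-verified from the entry alone.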
=====================================
data/dla-needed.txt
=====================================
@@ -99,6 +99,8 @@ open-build-service
opendmarc
NOTE: 20200719: no patches for remaining CVEs available, everything else is already done in Stretch (thorsten)
--
+openexr (Chris Lamb)
+--
openjpeg2 (Thorsten Alteholz)
--
openssl (Emilio)
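Review bot: The added `openexr (Chris Lamb)` entry carries no NOTE, although the commit message names CVE-2020-16588 and CVE-2020-16589 as the reason for triage and CVE-2020-16587 is marked <not-affected> for stretch in data/CVE/list. A dated NOTE under the entry listing the CVEs still to be fixed, in the style of the opendmarc entry above it, would keep that scope visible in the file itself.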
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c6bc0e0acb962e3fec624f786657f1587497655e...f13a436b6150bb1db88b2267b200754a9f138120