[Git][security-tracker-team/security-tracker][master] Track fix via experimental for openexr issues

Salvatore Bonaccorso carnil at debian.org
Mon May 11 21:31:09 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e4f7080b by Salvatore Bonaccorso at 2020-05-11T22:30:02+02:00
Track fix via experimental for openexr issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3279,39 +3279,46 @@ CVE-2020-11767 (Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak is
 CVE-2020-11766
 	RESERVED
 CVE-2020-11765 (An issue was discovered in OpenEXR before 2.4.1. There is an off-by-on ...)
+	[experimental] - openexr 2.5.0-1
 	- openexr <unfixed> (bug #959444)
 	[jessie] - openexr <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3eda5d70aba127bae9bd6bae9956fcf024b64031
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2ae5f8376b0a6c3e2bb100042f5de79503ba837a
 CVE-2020-11764 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
+	[experimental] - openexr 2.5.0-1
 	- openexr <unfixed> (bug #959444)
 	[jessie] - openexr <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/e7c26f6ef5bf7ae8ea21ecf19963186cd1391720
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/a6408c90339bdf19f89476578d7f936b741be9b2
 CVE-2020-11763 (An issue was discovered in OpenEXR before 2.4.1. There is an std::vect ...)
+	[experimental] - openexr 2.5.0-1
 	- openexr <unfixed> (bug #959444)
 	[jessie] - openexr <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
 	TODO: check fixing commit
 CVE-2020-11762 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
+	[experimental] - openexr 2.5.0-1
 	- openexr <unfixed> (bug #959444)
 	[jessie] - openexr <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3eda5d70aba127bae9bd6bae9956fcf024b64031
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2ae5f8376b0a6c3e2bb100042f5de79503ba837a
 CVE-2020-11761 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
+	[experimental] - openexr 2.5.0-1
 	- openexr <unfixed> (bug #959444)
 	[jessie] - openexr <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b1c34c496b62117115b1089b18a44e0031800a09
 CVE-2020-11760 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
+	[experimental] - openexr 2.5.0-1
 	- openexr <unfixed> (bug #959444)
 	[jessie] - openexr <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/37750013830def57f19f3c3b7faaa9fc1dae81b3
 CVE-2020-11759 (An issue was discovered in OpenEXR before 2.4.1. Because of integer ov ...)
+	[experimental] - openexr 2.5.0-1
 	- openexr <unfixed> (bug #959444)
 	[jessie] - openexr <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
@@ -3319,6 +3326,7 @@ CVE-2020-11759 (An issue was discovered in OpenEXR before 2.4.1. Because of inte
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/acad98d6d3e787f36012a3737c23c42c7f43a00f
 	TODO: check completeness for upstream commits to cover CVE-2020-11759
 CVE-2020-11758 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
+	[experimental] - openexr 2.5.0-1
 	- openexr <unfixed> (bug #959444)
 	[jessie] - openexr <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e4f7080baa499bfebea14175b7d58aed45320d12

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e4f7080baa499bfebea14175b7d58aed45320d12
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200511/56ec3c64/attachment.html>

More information about the debian-security-tracker-commits mailing list