[Git][security-tracker-team/security-tracker][master] 2 commits: openexr no-dsa
Moritz Muehlenhoff
jmm at debian.org
Sat Apr 3 22:39:56 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ad8405a5 by Moritz Muehlenhoff at 2021-04-03T23:37:18+02:00
openexr no-dsa
- - - - -
3c8ca454 by Moritz Muehlenhoff at 2021-04-03T23:39:30+02:00
bsdiff fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1042,14 +1042,16 @@ CVE-2021-3479 (There's a flaw in OpenEXR's Scanline API functionality in version
NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/830
CVE-2021-3478 (There's a flaw in OpenEXR's scanline input file functionality in versi ...)
- openexr <unfixed>
+ [buster] - openexr <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27409
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939160
- TODO: check
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/bc88cdb6c97fbf5bc5d11ad8ca55306da931283a
CVE-2021-3477 (There's a flaw in OpenEXR's deep tile sample size calculations in vers ...)
- openexr <unfixed>
+ [buster] - openexr <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26956
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939159
- TODO: check
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/467be80b75642efbbe6bdace558079f68c16acb1
CVE-2021-29645
RESERVED
CVE-2021-29644
@@ -65245,7 +65247,7 @@ CVE-2020-14317
CVE-2020-14316 (A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instanc ...)
NOT-FOR-US: KubeVirt
CVE-2020-14315 (A memory corruption vulnerability is present in bspatch as shipped in ...)
- - bsdiff <unfixed> (bug #964796)
+ - bsdiff 4.3-22 (bug #964796)
[buster] - bsdiff <no-dsa> (Minor issue)
[stretch] - bsdiff <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2020/07/09/2
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/272cecec1b084fb4087c77496c794d6f6315cbf5...3c8ca4545eba46449b9710840d363e6399412af7
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/272cecec1b084fb4087c77496c794d6f6315cbf5...3c8ca4545eba46449b9710840d363e6399412af7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210403/d915647d/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list