[Git][security-tracker-team/security-tracker][master] CVE-2021-23215/openexr: reference 2.x patches

[Sylvain Beucler (@beuc)]

Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bd7f1962 by Sylvain Beucler at 2021-07-03T13:10:15+02:00
CVE-2021-23215/openexr: reference 2.x patches

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10676,7 +10676,9 @@ CVE-2021-23215 (An integer overflow leading to a heap-buffer overflow was found
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947586
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29653
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/901
-	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/0e08c959c5459e2ffd3b81b654c3ce8b71a4b42c
+	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/0e08c959c5459e2ffd3b81b654c3ce8b71a4b42c (v3.0)
+	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/de27156b77896aeef5b1c99edbca2bc4fa784b51 (v2.5)
+	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d (v2.5)
 CVE-2021-23169 (A heap-buffer overflow was found in the copyIntoFrameBuffer function o ...)
 	- openexr 2.5.4-2 (bug #988240)
 	[buster] - openexr <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd7f19625dcf45abd378d93e2ac4ce83e656efe8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd7f19625dcf45abd378d93e2ac4ce83e656efe8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210703/a6cd9c89/attachment.htm>