[Git][security-tracker-team/security-tracker][master] CVE-2021-3605/openexr: stretch triage

[Sylvain Beucler (@beuc)]

Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5e023bce by Sylvain Beucler at 2021-07-06T16:09:28+02:00
CVE-2021-3605/openexr: stretch triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3239,10 +3239,11 @@ CVE-2021-34696
 CVE-2021-3605 [Heap buffer overflow in the rleUncompress function]
 	RESERVED
 	- openexr <unfixed>
-	[stretch] - openexr <postponed> (apparent duplicate of CVE-2020-11760, recheck when MITRE information is public)
+	[stretch] - openexr <postponed> (Minor issue, buffer read overflow, fix along next DLA)
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1036
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/25259a84827234a283f6f9db72978198c7a3f268 (master)
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3204008c0bd4c8d7599a052b304d1b44c4511283 (v2.5)
+	NOTE: not to be confused with CVE-2020-11760 whose fix is similar but applied around 10 lines above, in the other branch of the 'if'
 CVE-2021-3603 (PHPMailer 6.4.1 and earlier contain a vulnerability that can result in ...)
 	- libphp-phpmailer <unfixed>
 	[stretch] - libphp-phpmailer <postponed> (Minor issue, fix along with next DLA)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e023bcecaae09c492630b3528161a0621cf1f12

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e023bcecaae09c492630b3528161a0621cf1f12
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210706/855c3572/attachment.htm>