[Git][security-tracker-team/security-tracker][master] openexr triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Jul 8 16:32:05 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4880b7e9 by Moritz Muehlenhoff at 2021-07-08T15:00:25+02:00
openexr triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10965,6 +10965,7 @@ CVE-2021-26260 (An integer overflow leading to a heap-buffer overflow was found
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29423
NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/894
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/088a61434568cedf3ac1521c44584be397909078
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d (2.5)
CVE-2021-23215 (An integer overflow leading to a heap-buffer overflow was found in the ...)
{DLA-2701-1}
- openexr <unfixed>
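Review bot: The commit NOTE directly above the added line (088a61434568cedf3ac1521c44584be397909078) carries no branch label, so with the new "(2.5)" entry next to it a reader has to guess which branch it refers to. If it is the master commit, label it "(master)", as this same commit does for bc88cdb6c97fbf5bc5d11ad8ca55306da931283a under CVE-2021-3478.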
@@ -15563,25 +15564,23 @@ CVE-2021-3480 (A flaw was found in slapi-nis in versions before 0.56.7. A NULL p
NOTE: https://pagure.io/slapi-nis/c/c7417ea2d534712e559b56ed45baa91c5d3d44db?branch=master
CVE-2021-3479 (There's a flaw in OpenEXR's Scanline API functionality in versions bef ...)
{DLA-2701-1}
- - openexr <unfixed> (bug #986796)
- [bullseye] - openexr <no-dsa> (Minor issue)
+ - openexr 2.5.4-1 (bug #986796)
[buster] - openexr <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25370
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/d80f11f4f55100d007ae80a162bf257ec291612c
NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/830
CVE-2021-3478 (There's a flaw in OpenEXR's scanline input file functionality in versi ...)
{DLA-2701-1}
- - openexr <unfixed> (bug #986796)
- [bullseye] - openexr <no-dsa> (Minor issue)
+ - openexr 2.5.4-1 (bug #986796)
[buster] - openexr <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27409
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939160
- NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/bc88cdb6c97fbf5bc5d11ad8ca55306da931283a
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/bc88cdb6c97fbf5bc5d11ad8ca55306da931283a (master)
NOTE: Depends on prior v3 checks https://github.com/AcademySoftwareFoundation/openexr/commit/0963ff1c4fcb3e748a9386685622747bfef00eb1
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/0c2b46f630a3b5f2f561c2849d047ee39f899179 (2.5)
CVE-2021-3477 (There's a flaw in OpenEXR's deep tile sample size calculations in vers ...)
{DLA-2701-1}
- - openexr <unfixed> (bug #986796)
- [bullseye] - openexr <no-dsa> (Minor issue)
+ - openexr 2.5.4-1 (bug #986796)
[buster] - openexr <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26956
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939159
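Review bot: Under CVE-2021-3478 the new "(2.5)" NOTE is placed after the "Depends on prior v3 checks" line, which leaves it unclear whether the dependency on 0963ff1c4fcb3e748a9386685622747bfef00eb1 applies only to the "(master)" commit or to the 2.5 backport as well. Move the "(2.5)" line directly under the "(master)" line, or say in the dependency NOTE which branch it concerns. CVE-2021-3479 and CVE-2021-3477 in the same hunk are set to 2.5.4-1 without any 2.5-branch commit reference; adding one would make the fixed version checkable from the entry.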
@@ -16164,22 +16163,19 @@ CVE-2021-29425 (In Apache Commons IO before 2.7, When invoking the method FileNa
NOTE: https://issues.apache.org/jira/browse/IO-556
CVE-2021-3476 (A flaw was found in OpenEXR's B44 uncompression functionality in versi ...)
{DLA-2701-1}
- - openexr <unfixed> (bug #986796)
- [bullseye] - openexr <no-dsa> (Minor issue)
+ - openexr 2.5.4-1 (bug #986796)
[buster] - openexr <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24787
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/eec0dba242bedd2778c973ae4af112107b33d9c9
CVE-2021-3475 (There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker ...)
{DLA-2701-1}
- - openexr <unfixed> (bug #986796)
- [bullseye] - openexr <no-dsa> (Minor issue)
+ - openexr 2.5.4-1 (bug #986796)
[buster] - openexr <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25297
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2a18ed424a854598c2a20b5dd7e782b436a1e753
CVE-2021-3474 (There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted inp ...)
{DLA-2701-1}
- - openexr <unfixed> (bug #986796)
- [bullseye] - openexr <no-dsa> (Minor issue)
+ - openexr 2.5.4-1 (bug #986796)
[buster] - openexr <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/c3ed4a1db1f39bf4524a644cb2af81dc8cfab33f
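Review bot: CVE-2021-3476, CVE-2021-3475 and CVE-2021-3474 are now marked fixed in 2.5.4-1, yet the descriptions for CVE-2021-3475 and CVE-2021-3474 say "versions before 3.0.0-beta" and each entry's single commit NOTE has no branch label. Add the 2.5-branch backport commit for each with a "(2.5)" label, as done for CVE-2021-26260 and CVE-2021-3478, so the 2.5.4-1 fixed version can be verified from the entry itself.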
@@ -39058,8 +39054,7 @@ CVE-2021-20297 (A flaw was found in NetworkManager in versions before 1.30.0. Se
NOTE: Fixed by: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/420784e342da4883f6debdfe10cde68507b10d27
CVE-2021-20296 (A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted i ...)
{DLA-2701-1}
- - openexr <unfixed> (bug #986796)
- [bullseye] - openexr <no-dsa> (Minor issue)
+ - openexr 2.5.4-1 (bug #986796)
[buster] - openexr <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24854
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b0c63c0b96eb9b0d3998f603e12f9f414fb0d44a
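Review bot: Dropping "[bullseye] - openexr <no-dsa> (Minor issue)" under CVE-2021-20296 leaves bullseye's status to be derived from the new "- openexr 2.5.4-1" line, and nothing in the diff or in the "openexr triage" commit message records that bullseye ships 2.5.4-1 or later. State that in the commit message so the removal is not read as an accidental deletion; the same applies to the other entries in this commit that drop their bullseye line.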
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4880b7e914fe53de82a774f7bbe3701ec48b78c1