[Git][security-tracker-team/security-tracker][master] Add CVE-2021-20304/openexr

Thu Jul 15 08:11:05 BST 2021


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fe47c2a5 by Salvatore Bonaccorso at 2021-07-15T09:10:32+02:00
Add CVE-2021-20304/openexr

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -40216,8 +40216,12 @@ CVE-2021-20305 (A flaw was found in Nettle in versions before 3.7.2, where sever
 	NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/ae3801a0e5cce276c270973214385c86048d5f7b
 	NOTE: Fix canonical reduction in gostdsa_vko:
 	NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/63f222c60b03470c0005aa9bc4296fbf585f68b9
-CVE-2021-20304
+CVE-2021-20304 [Undefined-shift in Imf_2_5::hufDecode]
 	RESERVED
+	- openexr 2.5.4-1
+	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26229
+	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/51a92d67f53c08230734e74564c807043cbfe41e
+	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/849
 CVE-2021-20303 [Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer]
 	RESERVED
 	- openexr 2.5.4-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe47c2a5186ea181ab37dfce57be9fd124ef3bdd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe47c2a5186ea181ab37dfce57be9fd124ef3bdd
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210715/a6dab395/attachment.htm>
