[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2017-9110,CVE-2017-9112,CVE-2017-9116/openexr: reference upstream patch
Sylvain Beucler (@beuc)
beuc at debian.org
Mon Jun 21 23:04:46 BST 2021
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4ce36a2a by Sylvain Beucler at 2021-06-22T00:04:05+02:00
CVE-2017-9110,CVE-2017-9112,CVE-2017-9116/openexr: reference upstream patch
- - - - -
26012d62 by Sylvain Beucler at 2021-06-22T00:04:07+02:00
CVE-2017-9111,CVE-2017-9113,CVE-2017-9114,CVE-2017-9115,CVE-2018-18444/openexr: reference upstream patchset
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -176933,6 +176933,7 @@ CVE-2018-18444 (makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of
- openexr 2.5.3-2 (unimportant)
NOTE: Issue in exrmultiview which is not installed in the binary package.
NOTE: https://github.com/openexr/openexr/issues/351
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/401#issuecomment-513721310 (v2.4.0)
CVE-2018-18443 (OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/Ilm ...)
- openexr 2.5.3-2 (unimportant)
NOTE: https://github.com/openexr/openexr/issues/350
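Review bot: The NOTE added under CVE-2018-18444 points at a comment on pull request 401 ("#issuecomment-513721310") rather than at a commit, so the reference depends on that comment staying unedited. A backporter still has to work out from it which commits carry the makeMultiView.cpp fix. Consider adding the commit URL(s) as a further NOTE once they are identified, keeping the "(v2.4.0)" tag on them.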
@@ -253127,6 +253128,7 @@ CVE-2017-9116 (In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress fun
[jessie] - openexr <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
NOTE: https://github.com/openexr/openexr/issues/232
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/49db4a4192482eec9c27669f75db144cf5434804 (v2.2.1)
CVE-2017-9115 (In OpenEXR 2.2.0, an invalid write of size 2 in the = operator functio ...)
{DSA-4755-1 DLA-2358-1}
- openexr 2.5.3-2 (bug #873885)
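Review bot: In the CVE-2017-9116 entry the new NOTE uses the github.com/AcademySoftwareFoundation/openexr path while the issue NOTE directly above it still uses github.com/openexr/openexr, so one entry now cites the same project under two repository paths. Worth a word in the commit message, or a follow-up that normalises the older issue links, so a later reader does not take them for two different repositories.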
@@ -253134,6 +253136,7 @@ CVE-2017-9115 (In OpenEXR 2.2.0, an invalid write of size 2 in the = operator fu
[wheezy] - openexr <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
NOTE: https://github.com/openexr/openexr/issues/232
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/401#issuecomment-513721310 (v2.4.0)
CVE-2017-9114 (In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ...)
{DSA-4755-1 DLA-2358-1}
- openexr 2.5.3-2 (bug #873885)
@@ -253141,6 +253144,7 @@ CVE-2017-9114 (In OpenEXR 2.2.0, an invalid read of size 1 in the refill functio
[wheezy] - openexr <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
NOTE: https://github.com/openexr/openexr/issues/232
+ NOTE: Same patchset as CVE-2017-9111/9113/9115
CVE-2017-9113 (In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels ...)
{DSA-4755-1 DLA-2358-1}
- openexr 2.5.3-2 (low; bug #873885)
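Review bot: The NOTE added under CVE-2017-9114, "Same patchset as CVE-2017-9111/9113/9115", carries no URL, unlike the notes this patch adds to those three entries. This entry therefore becomes the only one that needs a second lookup, and it goes stale if those entries are later reworded. Repeating the pull/401#issuecomment-513721310 (v2.4.0) line here would keep it self-contained. The commit message also lists CVE-2018-18444 in the same patchset, which the cross-reference leaves out.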
@@ -253148,12 +253152,14 @@ CVE-2017-9113 (In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadP
[wheezy] - openexr <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
NOTE: https://github.com/openexr/openexr/issues/232
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/401#issuecomment-513721310 (v2.4.0)
CVE-2017-9112 (In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ...)
{DLA-2358-1 DLA-1083-1}
- openexr 2.2.0-11.1 (bug #864078)
[jessie] - openexr <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
NOTE: https://github.com/openexr/openexr/issues/232
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/49db4a4192482eec9c27669f75db144cf5434804 (v2.2.1)
CVE-2017-9111 (In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function ...)
{DSA-4755-1 DLA-2358-1}
- openexr 2.5.3-2 (bug #873885)
@@ -253161,12 +253167,14 @@ CVE-2017-9111 (In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE func
[wheezy] - openexr <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
NOTE: https://github.com/openexr/openexr/issues/232
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/401#issuecomment-513721310 (v2.4.0)
CVE-2017-9110 (In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function ...)
{DLA-2358-1 DLA-1083-1}
- openexr 2.2.0-11.1 (bug #864078)
[jessie] - openexr <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
NOTE: https://github.com/openexr/openexr/issues/232
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/49db4a4192482eec9c27669f75db144cf5434804 (v2.2.1)
CVE-2017-9109 (An issue was discovered in adns before 1.5.2. It fails to ignore appar ...)
- adns 1.6.0-2 (unimportant)
NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=fcf2b4e1faf22accb6184cca595aaee602839868
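Review bot: The commit URL added under CVE-2017-9110 (49db4a4192482eec9c27669f75db144cf5434804, v2.2.1) is the same one this patch adds under CVE-2017-9112 and CVE-2017-9116, but none of the three entries says the fix is shared. The v2.4.0 group handles this differently, with a "Same patchset as ..." note on CVE-2017-9114. Pick one convention for both groups: either repeat the URL everywhere, or add a short cross-reference next to each repeated URL so a reader does not go looking for three separate fixes.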
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/937faf5c4fc0d2baf7f387d47796c93683c00183...26012d62d182adf2d76882327facf64c37c68266