[Git][security-tracker-team/security-tracker][master] CVE-2020-11758, CVE-2020-11759, CVE-2020-11761, CVE-2020-11762, CVE-2020-11765/ope...
Sylvain Beucler (@beuc)
beuc at debian.org
Wed Jun 23 18:25:23 BST 2021
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d91efac4 by Sylvain Beucler at 2021-06-23T19:24:04+02:00
CVE-2020-11758,CVE-2020-11759,CVE-2020-11761,CVE-2020-11762,CVE-2020-11765/openexr: precise affected versions
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -86907,10 +86907,11 @@ CVE-2020-11765 (An issue was discovered in OpenEXR before 2.4.1. There is an off
{DSA-4755-1 DLA-2358-1}
[experimental] - openexr 2.5.0-1
- openexr 2.5.3-2 (bug #959444)
- [jessie] - openexr <no-dsa> (Minor issue)
+ [jessie] - openexr <not-affected> (Vulnerable code not present)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3eda5d70aba127bae9bd6bae9956fcf024b64031
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2ae5f8376b0a6c3e2bb100042f5de79503ba837a
+ NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/7f0c9e256f34cac5a31e9d9cce00ccc898f49f3b (v2.2.0)
CVE-2020-11764 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
{DSA-4755-1 DLA-2358-1}
[experimental] - openexr 2.5.0-1
@@ -86930,17 +86931,19 @@ CVE-2020-11762 (An issue was discovered in OpenEXR before 2.4.1. There is an out
{DSA-4755-1 DLA-2358-1}
[experimental] - openexr 2.5.0-1
- openexr 2.5.3-2 (bug #959444)
- [jessie] - openexr <no-dsa> (Minor issue)
+ [jessie] - openexr <not-affected> (Vulnerable code not present)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3eda5d70aba127bae9bd6bae9956fcf024b64031
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2ae5f8376b0a6c3e2bb100042f5de79503ba837a
+ NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/7f0c9e256f34cac5a31e9d9cce00ccc898f49f3b (v2.2.0)
CVE-2020-11761 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
{DSA-4755-1 DLA-2358-1}
[experimental] - openexr 2.5.0-1
- openexr 2.5.3-2 (bug #959444)
- [jessie] - openexr <no-dsa> (Minor issue)
+ [jessie] - openexr <not-affected> (Vulnerable code not present)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b1c34c496b62117115b1089b18a44e0031800a09
+ NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/7f0c9e256f34cac5a31e9d9cce00ccc898f49f3b (v2.2.0)
CVE-2020-11760 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
{DSA-4755-1 DLA-2358-1}
[experimental] - openexr 2.5.0-1
@@ -86952,15 +86955,16 @@ CVE-2020-11759 (An issue was discovered in OpenEXR before 2.4.1. Because of inte
{DSA-4755-1 DLA-2358-1}
[experimental] - openexr 2.5.0-1
- openexr 2.5.3-2 (bug #959444)
- [jessie] - openexr <no-dsa> (Minor issue)
+ [jessie] - openexr <not-affected> (Vulnerable code not present)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b9997d0c045fa01af3d2e46e1a74b07cc4519446
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/acad98d6d3e787f36012a3737c23c42c7f43a00f
+ NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/9f011ae9ce9b1ca03521ff76e7659d34ee830344 (v2.0.0)
CVE-2020-11758 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
{DSA-4755-1 DLA-2358-1}
[experimental] - openexr 2.5.0-1
- openexr 2.5.3-2 (bug #959444)
- [jessie] - openexr <no-dsa> (Minor issue)
+ [jessie] - openexr <not-affected> (SSE support introduced in v2.0)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/7a52d40ae23c148f27116cb1f6e897b9143b372c
CVE-2020-11757
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d91efac427f72fbd9d767fb498dcf32979d34b65
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d91efac427f72fbd9d767fb498dcf32979d34b65
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210623/8785fce3/attachment.htm>
More information about the debian-security-tracker-commits
mailing list