[Git][security-tracker-team/security-tracker][master] CVE-2020-15305,CVE-2020-15306/openexr: precise affected versions

Thu Jun 24 21:38:26 BST 2021


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c905c8ef by Sylvain Beucler at 2021-06-24T22:38:05+02:00
CVE-2020-15305,CVE-2020-15306/openexr: precise affected versions

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -76448,14 +76448,14 @@ CVE-2020-15306 (An issue was discovered in OpenEXR before v2.5.2. Invalid chunkC
 	{DSA-4755-1 DLA-2358-1}
 	[experimental] - openexr 2.5.2-1
 	- openexr 2.5.3-2
-	[jessie] - openexr <no-dsa> (Minor issue)
+	[jessie] - openexr <not-affected> (getChunkOffsetTableSize introduced in v2)
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/738
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/6a9f8af6e89547bcd370ae3cec2b12849eee0b54
 CVE-2020-15305 (An issue was discovered in OpenEXR before 2.5.2. Invalid input could c ...)
 	{DSA-4755-1 DLA-2358-1}
 	[experimental] - openexr 2.5.2-1
 	- openexr 2.5.3-2
-	[jessie] - openexr <no-dsa> (Minor issue)
+	[jessie] - openexr <not-affected> (ImfDeepScanLineInputFile.cpp introduced in v2)
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/730
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3d03979dc101612e806cdf0b011475d9fa685a73
 CVE-2020-15304 (An issue was discovered in OpenEXR before 2.5.2. An invalid tiled inpu ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c905c8ef6261017893be07eeb84a9b5aee560d02

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c905c8ef6261017893be07eeb84a9b5aee560d02
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210624/6b232f7e/attachment.htm>
