[Git][security-tracker-team/security-tracker][master] Revert "Triage CVE-2020-16587 in openexr for stretch LTS."

[Sylvain Beucler (@beuc)]

Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ee5bdd73 by Sylvain Beucler at 2021-06-24T22:56:44+02:00
Revert "Triage CVE-2020-16587 in openexr for stretch LTS."

This reverts commit e152b7e42940e7a2fea74e98cb50c047b9940e4b.

Given that the reproducer crashes in stretch in the same function as the report,
we can assume that something needs to be fixed.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -73095,7 +73095,6 @@ CVE-2020-16588 (A Null Pointer Deference issue exists in Academy Software Founda
 CVE-2020-16587 (A heap-based buffer overflow vulnerability exists in Academy Software  ...)
 	- openexr 2.5.3-2
 	[buster] - openexr <no-dsa> (Minor issue)
-	[stretch] - openexr <not-affected> (Vulnerable code not present, part number range checking added later)
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/8b5370c688a7362673c3a5256d93695617a4cd9a (v2.4.0-beta.1)
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/491
 CVE-2020-16586



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee5bdd73e526a830fd4a965b52c7fddf82f267dd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee5bdd73e526a830fd4a965b52c7fddf82f267dd
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210624/b5ff92a5/attachment.htm>