[Git][security-tracker-team/security-tracker][master] Revert "Triage CVE-2020-16587 in openexr for stretch LTS."
Sylvain Beucler (@beuc)
beuc at debian.org
Thu Jun 24 21:57:03 BST 2021
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ee5bdd73 by Sylvain Beucler at 2021-06-24T22:56:44+02:00
Revert "Triage CVE-2020-16587 in openexr for stretch LTS."
This reverts commit e152b7e42940e7a2fea74e98cb50c047b9940e4b.
Given that the reproducer crashes in stretch in the same function as the report,
we can assume that something needs to be fixed.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -73095,7 +73095,6 @@ CVE-2020-16588 (A Null Pointer Deference issue exists in Academy Software Founda
CVE-2020-16587 (A heap-based buffer overflow vulnerability exists in Academy Software ...)
- openexr 2.5.3-2
[buster] - openexr <no-dsa> (Minor issue)
- [stretch] - openexr <not-affected> (Vulnerable code not present, part number range checking added later)
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/8b5370c688a7362673c3a5256d93695617a4cd9a (v2.4.0-beta.1)
NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/491
CVE-2020-16586
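Review bot: The removed `[stretch]` line under CVE-2020-16587 held the only recorded reasoning for the earlier not-affected call ("Vulnerable code not present, part number range checking added later"), and after this change the entry says nothing about why that was withdrawn. Consider adding a NOTE under the entry recording that the reproducer crashes in stretch in the same function as the report, so the rationale lives in data/CVE/list and not only in the commit message, and a later triager does not restore the not-affected status on the same reasoning.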
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee5bdd73e526a830fd4a965b52c7fddf82f267dd