[Git][security-tracker-team/security-tracker][master] Track fixes for openexr via unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 17 08:59:15 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
65d4e5d3 by Salvatore Bonaccorso at 2022-08-17T09:58:43+02:00
Track fixes for openexr via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -46986,7 +46986,7 @@ CVE-2021-45943 (GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCI
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2021-1651.yaml
CVE-2021-45942 (OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1 ...)
[experimental] - openexr 3.1.4-1
- - openexr <unfixed> (bug #1014828)
+ - openexr 3.1.5-2 (bug #1014828)
[buster] - openexr <no-dsa> (Minor issue)
[stretch] - openexr <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416
@@ -56361,7 +56361,7 @@ CVE-2021-43557 (The uri-block plugin in Apache APISIX before 2.10.2 uses $reques
NOT-FOR-US: Apache Apisix
CVE-2021-3941 (In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division o ...)
[experimental] - openexr 3.1.3-1
- - openexr <unfixed> (bug #1014828)
+ - openexr 3.1.5-2 (bug #1014828)
[stretch] - openexr <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2019789
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39084
@@ -56548,7 +56548,7 @@ CVE-2021-3934 (ohmyzsh is vulnerable to Improper Neutralization of Special Eleme
NOT-FOR-US: ohmyzsh
CVE-2021-3933 (An integer overflow could occur when OpenEXR processes a crafted file ...)
[experimental] - openexr 3.1.3-1
- - openexr <unfixed> (bug #1014828)
+ - openexr 3.1.5-2 (bug #1014828)
[stretch] - openexr <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2019783
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38912
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65d4e5d3341a77e9e777ec615e51667b7387e073
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65d4e5d3341a77e9e777ec615e51667b7387e073
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220817/e7e4f783/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list