[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for openexr issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jul 13 06:36:54 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a2374694 by Salvatore Bonaccorso at 2022-07-13T07:36:12+02:00
Add Debian bug reference for openexr issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -39957,7 +39957,7 @@ CVE-2021-45943 (GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCI
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2021-1651.yaml
CVE-2021-45942 (OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1 ...)
[experimental] - openexr 3.1.4-1
- - openexr <unfixed>
+ - openexr <unfixed> (bug #1014828)
[buster] - openexr <no-dsa> (Minor issue)
[stretch] - openexr <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416
@@ -49292,7 +49292,7 @@ CVE-2021-43557 (The uri-block plugin in Apache APISIX before 2.10.2 uses $reques
NOT-FOR-US: Apache Apisix
CVE-2021-3941 (In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division o ...)
[experimental] - openexr 3.1.3-1
- - openexr <unfixed>
+ - openexr <unfixed> (bug #1014828)
[stretch] - openexr <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2019789
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39084
@@ -49479,7 +49479,7 @@ CVE-2021-3934 (ohmyzsh is vulnerable to Improper Neutralization of Special Eleme
NOT-FOR-US: ohmyzsh
CVE-2021-3933 (An integer overflow could occur when OpenEXR processes a crafted file ...)
[experimental] - openexr 3.1.3-1
- - openexr <unfixed>
+ - openexr <unfixed> (bug #1014828)
[stretch] - openexr <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2019783
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38912
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2374694b523c8b079ce31c2f14185403d085255
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2374694b523c8b079ce31c2f14185403d085255
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220713/03a2eb04/attachment.htm>
More information about the debian-security-tracker-commits
mailing list