[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2022-38143,openimageio: Link to pull request

Markus Koschany (@apo) apo at debian.org
Mon Mar 13 10:00:14 GMT 2023 


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f25824d6 by Markus Koschany at 2023-03-06T01:31:29+01:00
CVE-2022-38143,openimageio: Link to pull request

- - - - -
07c4bf08 by Markus Koschany at 2023-03-13T10:59:07+01:00
Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker

- - - - -
f9e00d58 by Markus Koschany at 2023-03-13T10:59:44+01:00
Update note for openimageio in dla-needed.txt

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -38931,6 +38931,7 @@ CVE-2022-41639 (A heap based buffer overflow vulnerability exists in tile decodi
 CVE-2022-38143 (A heap out-of-bounds write vulnerability exists in the way OpenImageIO ...)
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1630
+	NOTE: https://github.com/OpenImageIO/oiio/pull/3620
 CVE-2022-36354 (A heap out-of-bounds read vulnerability exists in the RLA format parse ...)
 	- openimageio 2.3.21.0+dfsg-1 (bug #1027143)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1629


=====================================
data/dla-needed.txt
=====================================
@@ -178,9 +178,10 @@ nvidia-graphics-drivers-legacy-390xx
   NOTE: 20230103: https://lists.debian.org/debian-lts/2023/01/msg00005.html
   NOTE: 20230111: VCS: https://salsa.debian.org/lts-team/packages/nvidia-graphics-drivers-legacy-390xx.git
 --
-openimageio
+openimageio (Markus Koschany)
   NOTE: 20221225: Programming language: C.
   NOTE: 20221225: VCS: https://salsa.debian.org/lts-team/packages/openimageio.git
+  NOTE: 20220313: will be released today (apo)
 --
 pcre2 (guilhem)
   NOTE: 20230303: Programming language: C.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cc29fbf953043f3988396be508ac4f6dda551d57...f9e00d58b8c36bb50863947c18f3c011df60b3c3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cc29fbf953043f3988396be508ac4f6dda551d57...f9e00d58b8c36bb50863947c18f3c011df60b3c3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230313/11c42fea/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list