[Git][security-tracker-team/security-tracker][master] Two openexr issues are actually not clear not-affected, back to unfixed and add TODO

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Aug 1 23:45:38 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b754ef29 by Salvatore Bonaccorso at 2025-08-02T00:45:00+02:00
Two openexr issues are actually not clear not-affected, back to unfixed and add TODO

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -179,12 +179,14 @@ CVE-2025-31716 (In bootloader, there is a possible out of bounds write due to a
 CVE-2025-23289 (NVIDIA Omniverse Launcher for Windows and Linux contains a vulnerabili ...)
 	TODO: check
 CVE-2025-48073 (OpenEXR provides the specification and reference implementation of the ...)
-	- openexr <not-affected> (Vulnerable code introduced later)
+	- openexr <unfixed>
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-qhpm-86v7-phmm
+	TODO: check details
 CVE-2025-48072 (OpenEXR provides the specification and reference implementation of the ...)
-	- openexr <not-affected> (Vulnerable code introduced later)
+	- openexr <unfixed>
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-4r7w-q3jg-ff43
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2d09449427b13a05f7c31a98ab2c4347c23db361 (v3.3.3-rc)
+	TODO: check details
 CVE-2025-48071 (OpenEXR provides the specification and reference implementation of the ...)
 	- openexr <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-h45x-qhg2-q375



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b754ef2993e3fcaaf5b50cb7ff18c98ed13180e5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b754ef2993e3fcaaf5b50cb7ff18c98ed13180e5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250801/acdbad90/attachment.htm>

More information about the debian-security-tracker-commits mailing list