[Git][security-tracker-team/security-tracker][master] 2 commits: Add upstream tag information for introducing commit for CVE-2025-64181

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Nov 24 19:27:18 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9b34d7d9 by Salvatore Bonaccorso at 2025-11-24T20:23:05+01:00
Add upstream tag information for introducing commit for CVE-2025-64181

- - - - -
3310c128 by Salvatore Bonaccorso at 2025-11-24T20:26:20+01:00
Update information for CVE-2025-64181

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3794,9 +3794,10 @@ CVE-2025-64181 (OpenEXR provides the specification and reference implementation
 	[bookworm] - openexr <no-dsa> (Minor issue)
 	[bullseye] - openexr <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-3h9h-qfvw-98hq
-	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/72aa3e78acfb99eacae8bfae8bf4e4831634db11
-	NOTE: Introduced in https://github.com/AcademySoftwareFoundation/openexr/commit/a04cbf5a48c7a8b6a6dd3b1e2471bde3cd4cb6df
-	NOTE: which is the squash merge of https://github.com/AcademySoftwareFoundation/openexr/pull/870.
+	NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/openexr/commit/72aa3e78acfb99eacae8bfae8bf4e4831634db11 (main)
+	NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/openexr/commit/df97029a900a2a415fcffbb65ac88bc8972cccfd (v3.4.3-rc)
+	NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/openexr/commit/018763e3f52cc8152c1f30bb4a6ec00c6e9b9fb8 (v3.3.6-rc)
+	NOTE: Introduced in: https://github.com/AcademySoftwareFoundation/openexr/commit/a04cbf5a48c7a8b6a6dd3b1e2471bde3cd4cb6df (v3.1.0-rc1)
 CVE-2025-64167 (Combodo iTop is a web based IT service management tool. Versions prior ...)
 	NOT-FOR-US: Combodo iTop
 CVE-2025-63678 (An authenticated arbitrary file upload vulnerability in the /uploads/  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a22c90d5bf3499e14b494186f7a77b8215f10885...3310c128e88ea4d192c1a8f6c0ed3f033633abc7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a22c90d5bf3499e14b494186f7a77b8215f10885...3310c128e88ea4d192c1a8f6c0ed3f033633abc7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251124/60c3e9cb/attachment.htm>

More information about the debian-security-tracker-commits mailing list