[Git][security-tracker-team/security-tracker][master] new openexr issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Apr 7 12:01:52 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6bf285fb by Moritz Muehlenhoff at 2026-04-07T13:01:33+02:00
new openexr issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -357,19 +357,43 @@ CVE-2026-34753 (vLLM is an inference and serving engine for large language model
 CVE-2026-34589 (OpenEXR provides the specification and reference implementation of the ...)
 	- openexr <unfixed>
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-p8xc-w3q4-h64x
+	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/2328
+	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/e464a33cc5bcd9f7dad2364bf76c08a52a5b0fbf (main)
+	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/ea588c8f075f5915e34931861e15b6c2d3b62561 (v3.4.9-rc)
+	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/ca0139287918775e1fddc0ed0033d694bec033ff (v3.2.7-rc)
 CVE-2026-34588 (OpenEXR provides the specification and reference implementation of the ...)
 	- openexr <unfixed>
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-588r-cr5c-w6hf
+	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/2329
+	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/7c31424f9e381f386af83194d0b0e253da4a24d2 (main)
+	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/9ad6c97548a54fea8d2fdc1a06883bbba7c5c9c3 (v3.4.9-rc)
+	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/a76a8e0d1a180089658498c015d9809687a3ebfd (v3.2.7-rc)
 CVE-2026-34444 (Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 an ...)
 	TODO: check
 CVE-2026-34402 (ChurchCRM is an open-source church management system. Prior to 7.1.0,  ...)
 	NOT-FOR-US: ChurchCRM
 CVE-2026-34380 (OpenEXR provides the specification and reference implementation of the ...)
-	TODO: check
+	- openexr <unfixed>
+	NOTE: https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-q3v8-hw4m-59w5
+	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/2323
+	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/f5beec2bd8636102e74460a0b624d3e26efc546f (main)
+	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b2cebfa1c68e76cb2048ac1c1fbf1b50d196ff9d (v3.4.9-rc)
+	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/a5e5a2eba975b57f77e1c6b6d22ecc49553624e2 (v3.2.7-rc)
 CVE-2026-34379 (OpenEXR provides the specification and reference implementation of the ...)
-	TODO: check
+	- openexr <unfixed>
+	NOTE: https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-w88v-vqhq-5p24
+	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/2324
+	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3ad9b29430f9c2599dad113e1efe619a6ec7ba67 (main)
+	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/d32ffe9d3727c0474b63e91556baf61ced3d89e0 (v3.4.9-rc)
+	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/76af7d7508819a477f2cbce808ee975da8053ce3 (v3.2.7-rc)
 CVE-2026-34378 (OpenEXR provides the specification and reference implementation of the ...)
-	TODO: check
+	- openexr <unfixed>
+	[trixie] - openexr <not-affected> (Vulnerable code not present)
+	[bookworm] - openexr <not-affected> (Vulnerable code not present)
+	NOTE: https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-v76p-4qvv-vh4g
+	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/2321
+	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/088859fb6199e56824c4c9ed60afc825261bfea9 (main)
+	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/7a1c64ca74d12bf5f64a912d4e12a651689f8652 (v3.4.9-rc)
 CVE-2026-34217 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, a scope ...)
 	TODO: check
 CVE-2026-34211 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, the @ny ...)
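Review bot: In the CVE-2026-34378 entry, the trixie and bookworm <not-affected> lines state "Vulnerable code not present", but no NOTE records which upstream commit or release introduced the affected code, so the claim cannot be verified from the entry alone. Consider adding a NOTE naming the introducing commit or first affected version. This entry lists only main and v3.4.9-rc fix commits, with no v3.2.7-rc backport as in the other four OpenEXR entries, which is consistent with the triage but is only implicit evidence for it.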



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6bf285fb951450a01434d1b4c72b29ef2937c95d
