[Git][security-tracker-team/security-tracker][master] 3 commits: Triage CVE-2020-16587 in openexr for stretch LTS.

Fri, 11 Dec 2020 02:16:30 -0800 


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e152b7e4 by Chris Lamb at 2020-12-11T10:13:56+00:00
Triage CVE-2020-16587 in openexr for stretch LTS.

- - - - -
79950a50 by Chris Lamb at 2020-12-11T10:15:50+00:00
data/dla-needed.txt: Triage openexr for stretch LTS (CVE-2020-16588 
CVE-2020-16589).

- - - - -
f13a436b by Chris Lamb at 2020-12-11T10:16:05+00:00
data/dla-needed.txt: Claim openexr.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -32865,6 +32865,7 @@ CVE-2020-16588 (A Null Pointer Deference issue exists 
in Academy Software Founda
        NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/493
 CVE-2020-16587 (A heap-based buffer overflow vulnerability exists in Academy 
Software  ...)
        - openexr 2.5.3-2
+       [stretch] - openexr <not-affected> (Vulnerable code not present, part 
number range checking added later)
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/8b5370c688a7362673c3a5256d93695617a4cd9a
 (v2.4.0-beta.1)
        NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/491
 CVE-2020-16586


=====================================
data/dla-needed.txt
=====================================
@@ -99,6 +99,8 @@ open-build-service
 opendmarc
   NOTE: 20200719: no patches for remaining CVEs available, everything else is 
already done in Stretch (thorsten)
 --
+openexr (Chris Lamb)
+--
 openjpeg2 (Thorsten Alteholz)
 --
 openssl (Emilio)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c6bc0e0acb962e3fec624f786657f1587497655e...f13a436b6150bb1db88b2267b200754a9f138120

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c6bc0e0acb962e3fec624f786657f1587497655e...f13a436b6150bb1db88b2267b200754a9f138120
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to