Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: 02b23786 by Markus Koschany at 2023-04-04T22:41:50+02:00 CVE-2022-41981,openimageio: Link to fixing commits We also have to backport the safe_strlen function in order to fix this issue. - - - - - 3b0b9efa by Markus Koschany at 2023-04-04T23:21:58+02:00 CVE-2022-43593,openimageio: Link to fixing commit - - - - - b9b6f1a3 by Markus Koschany at 2023-04-04T23:59:08+02:00 CVE-2022-43602,openimageio: Link to fixing commit - - - - - c69291f9 by Markus Koschany at 2023-04-05T00:01:28+02:00 Claim openimageio in dsa-needed.txt - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -38513,6 +38513,7 @@ CVE-2022-43603 (A denial of service vulnerability exists in the ZfileOutput::clo CVE-2022-43602 (Multiple code execution vulnerabilities exist in the IFFOutput::close( ...) - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656 + NOTE: https://github.com/OpenImageIO/oiio/pull/3676 CVE-2022-43601 (Multiple code execution vulnerabilities exist in the IFFOutput::close( ...) - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656 @@ -38548,6 +38549,7 @@ CVE-2022-43594 (Multiple denial of service vulnerabilities exist in the image ou CVE-2022-43593 (A denial of service vulnerability exists in the DPXOutput::close() fun ...) - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1652 + NOTE: https://github.com/OpenImageIO/oiio/pull/3672 CVE-2022-43592 (An information disclosure vulnerability exists in the DPXOutput::close ...) - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1651 
@@ -43050,6 +43052,8 @@ CVE-2022-42002 (SonicJS through 0.6.0 allows file overwrite. It has the followin CVE-2022-41981 (A stack-based buffer overflow vulnerability exists in the TGA file for ...) - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1628 + NOTE: https://github.com/OpenImageIO/oiio/commit/bc9c931092e973d5250dd22a714cf035827dae6d + NOTE: https://github.com/OpenImageIO/oiio/pull/3622/commits/c412312f978fbbf987f190d0d2a9f6980b7f267f CVE-2022-41977 (An out of bounds read vulnerability exists in the way OpenImageIO vers ...) - openimageio 2.3.21.0+dfsg-1 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1627 ===================================== data/dsa-needed.txt ===================================== @@ -33,7 +33,7 @@ netatalk -- nodejs (aron) -- -openimageio +openimageio (Markus Koschany) some issues allow for RCE, the other ones can also be ignored for stable -- php-cas View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e0c2220ff75377a083d1d4f559b454affa880ba3...c69291f94771f929f8f96782792503a6c890f65c
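Review bot: in the data/CVE/list hunk at @@ -38513, the pull/3676 NOTE is added only under CVE-2022-43602, while the next entry, CVE-2022-43601, has the same "Multiple code execution vulnerabilities exist in the IFFOutput::close(" description and the same TALOS-2022-1656 report. If that pull request also covers CVE-2022-43601, the same NOTE line belongs under that entry too; otherwise a short NOTE saying it is fixed elsewhere would avoid the question coming up again during the backport.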
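Review bot: in the data/CVE/list hunk at @@ -38548, the NOTE added under CVE-2022-43593 points at a pull request (pull/3672), although the commit message says "Link to fixing commit". Linking the commit itself, in the oiio/commit/<hash> form used for CVE-2022-41981, would give whoever prepares the backport an exact change to pick.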
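Review bot: in the data/CVE/list hunk at @@ -43050, the two NOTE lines added under CVE-2022-41981 do not say which link is the fix and which is the safe_strlen prerequisite mentioned in the commit message. A short label on each line, or an extra NOTE stating that safe_strlen has to be backported as well, would keep that information in data/CVE/list rather than only in the commit log.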