[Git][security-tracker-team/security-tracker][master] Two openexr issues are actually not clear not-affected, back to unfixed and add TODO

Salvatore Bonaccorso (@carnil) Fri, 01 Aug 2025 15:45:46 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
b754ef29 by Salvatore Bonaccorso at 2025-08-02T00:45:00+02:00
Two openexr issues are actually not clear not-affected, back to unfixed and add 
TODO

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -179,12 +179,14 @@ CVE-2025-31716 (In bootloader, there is a possible out of 
bounds write due to a
 CVE-2025-23289 (NVIDIA Omniverse Launcher for Windows and Linux contains a 
vulnerabili ...)
        TODO: check
 CVE-2025-48073 (OpenEXR provides the specification and reference 
implementation of the ...)
-       - openexr <not-affected> (Vulnerable code introduced later)
+       - openexr <unfixed>
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-qhpm-86v7-phmm
+       TODO: check details
 CVE-2025-48072 (OpenEXR provides the specification and reference 
implementation of the ...)
-       - openexr <not-affected> (Vulnerable code introduced later)
+       - openexr <unfixed>
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-4r7w-q3jg-ff43
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/2d09449427b13a05f7c31a98ab2c4347c23db361
 (v3.3.3-rc)
+       TODO: check details
 CVE-2025-48071 (OpenEXR provides the specification and reference 
implementation of the ...)
        - openexr <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-h45x-qhg2-q375



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b754ef2993e3fcaaf5b50cb7ff18c98ed13180e5

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b754ef2993e3fcaaf5b50cb7ff18c98ed13180e5
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Two openexr issues are actually not clear not-affected, back to unfixed and add TODO

Reply via email to