Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1eed3da6 by Salvatore Bonaccorso at 2026-03-12T12:47:22+01:00
Track fixed version for some openexr issues fixed via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4373,7 +4373,7 @@ CVE-2026-27932 (joserfc is a Python library that provides
an implementation of s
CVE-2026-27905 (BentoML is a Python library for building online serving
systems optimi ...)
NOT-FOR-US: BentoML
CVE-2026-27622 (OpenEXR provides the specification and reference
implementation of the ...)
- - openexr <unfixed> (bug #1130041)
+ - openexr 3.4.6+ds-1 (bug #1130041)
NOTE:
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-cr4v-6jm6-4963
NOTE: Fixed by:
https://github.com/AcademySoftwareFoundation/openexr/commit/e69bf4b929b9c4f17d8546e28ee4c410c3d0a088
(v3.2.6, v3.2.6-rc)
CVE-2026-27601 (Underscore.js is a utility-belt library for JavaScript. Prior
to 1.13. ...)
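Review bot: On the CVE-2026-27622 entry, the unchanged "Fixed by" NOTE is still annotated (v3.2.6, v3.2.6-rc) while the version now recorded as fixed is 3.4.6+ds-1, so the entry does not say which upstream 3.4.x release carries commit e69bf4b9. Consider extending that annotation with the matching 3.4.x tag. Unlike the other openexr entries touched in this commit, no [trixie]/[bookworm]/[bullseye] lines follow the package line here, so it is worth confirming that the stable releases have been triaged for this CVE.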
@@ -33877,14 +33877,14 @@ CVE-2025-13698 (Deciso OPNsense diag_backup.php
filename Directory Traversal Arb
CVE-2025-13407 (The Gravity Forms WordPress plugin before 2.9.23.1 does not
properly p ...)
NOT-FOR-US: WordPress plugin
CVE-2025-12840 (Academy Software Foundation OpenEXR EXR File Parsing
Heap-based Buffer ...)
- - openexr <unfixed> (bug #1123963)
+ - openexr 3.4.6+ds-1 (bug #1123963)
[trixie] - openexr <postponed> (Revisit when fixed upstream)
[bookworm] - openexr <postponed> (Revisit when fixed upstream)
[bullseye] - openexr <postponed> (Revisit when fixed upstream)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-991/
NOTE:
https://lists.aswf.io/g/openexr-dev/topic/openexr_v3_4_3_is_staged_for/116040425
CVE-2025-12839 (Academy Software Foundation OpenEXR EXR File Parsing
Heap-based Buffer ...)
- - openexr <unfixed> (bug #1123963)
+ - openexr 3.4.6+ds-1 (bug #1123963)
[trixie] - openexr <postponed> (Revisit when fixed upstream)
[bookworm] - openexr <postponed> (Revisit when fixed upstream)
[bullseye] - openexr <postponed> (Revisit when fixed upstream)
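Review bot: In the CVE-2025-12840 and CVE-2025-12839 entries, the [trixie], [bookworm] and [bullseye] lines still read "<postponed> (Revisit when fixed upstream)", which no longer matches the unstable line now that 3.4.6+ds-1 is recorded as the fixed version. Either re-triage those releases in the same change or reword the reason so it does not imply the upstream fix is still pending. The same stale reason appears on CVE-2025-12495 in the following hunk.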
@@ -33893,7 +33893,7 @@ CVE-2025-12839 (Academy Software Foundation OpenEXR EXR
File Parsing Heap-based
CVE-2025-12838 (MSP360 Free Backup Link Following Local Privilege Escalation
Vulnerabi ...)
NOT-FOR-US: MSP360
CVE-2025-12495 (Academy Software Foundation OpenEXR EXR File Parsing
Heap-based Buffer ...)
- - openexr <unfixed> (bug #1123963)
+ - openexr 3.4.6+ds-1 (bug #1123963)
[trixie] - openexr <postponed> (Revisit when fixed upstream)
[bookworm] - openexr <postponed> (Revisit when fixed upstream)
[bullseye] - openexr <postponed> (Revisit when fixed upstream)
@@ -49698,7 +49698,7 @@ CVE-2025-64182 (OpenEXR provides the specification and
reference implementation
- openexr <not-affected> (Python bindings introduced in 3.2)
NOTE:
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-vh63-9mqx-wmjr
CVE-2025-64181 (OpenEXR provides the specification and reference
implementation of the ...)
- - openexr <unfixed> (bug #1120700)
+ - openexr 3.4.6+ds-1 (bug #1120700)
[trixie] - openexr <no-dsa> (Minor issue)
[bookworm] - openexr <no-dsa> (Minor issue)
[bullseye] - openexr <not-affected> (Vulnerable code not present)
@@ -84612,7 +84612,7 @@ CVE-2025-49832 (Asterisk is an open source private
branch exchange and telephony
NOTE: Fixed by:
https://github.com/asterisk/asterisk/commit/723410e3126e2d6a6a05e89cdf0cb23f4556af3a
(master)
NOTE: Fixed by:
https://github.com/asterisk/asterisk/commit/f8c6ad7916a9d233eb9e685365132e0435535216
(22.5.1)
CVE-2025-48074 (OpenEXR provides the specification and reference
implementation of the ...)
- - openexr <unfixed> (bug #1110261)
+ - openexr 3.4.6+ds-1 (bug #1110261)
[trixie] - openexr <no-dsa> (Minor issue)
[bookworm] - openexr <no-dsa> (Minor issue)
[bullseye] - openexr <postponed> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1eed3da656c24704c0b919c859d86e6b35b31f6b