On Mon, May 16, 2022 at 9:24 AM sana kazi <sanakazis...@gmail.com> wrote:
> From: Sana Kazi <sana.k...@kpit.com> > > Whitelist CVE-2020-27844 as it is introduced by > > https://github.com/uclouvain/openjpeg/commit/4edb8c83374f52cd6a8f2c7c875e8ffacccb5fa5 > but the contents of this patch is not present in openjpeg_2.3.1 > > Link: https://security-tracker.debian.org/tracker/CVE-2020-27844 > > Whitelist CVE-2015-1239 as the CVE description clearly states that > j2k_read_ppm_v3 function in openjpeg is affected due to CVE-2015-1239 > but in openjpeg_2.3.1 this function is not present. > Hence, CVE-2015-1239 does not affect openjpeg_2.3.1. > > I agree with the analysis, thank you for looking into it! It seems that it will be better to add that information to the NVD database. Sending the change information right now. Kind regards, Marta
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#97123): https://lists.openembedded.org/g/openembedded-devel/message/97123 Mute This Topic: https://lists.openembedded.org/mt/91135007/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
