Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
02b23786 by Markus Koschany at 2023-04-04T22:41:50+02:00
CVE-2022-41981,openimageio: Link to fixing commits

We also have to backport the safe_strlen function in order to fix this issue.

- - - - -
3b0b9efa by Markus Koschany at 2023-04-04T23:21:58+02:00
CVE-2022-43593,openimageio: Link to fixing commit

- - - - -
b9b6f1a3 by Markus Koschany at 2023-04-04T23:59:08+02:00
CVE-2022-43602,openimageio: Link to fixing commit

- - - - -
c69291f9 by Markus Koschany at 2023-04-05T00:01:28+02:00
Claim openimageio in dsa-needed.txt

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -38513,6 +38513,7 @@ CVE-2022-43603 (A denial of service vulnerability 
exists in the ZfileOutput::clo
 CVE-2022-43602 (Multiple code execution vulnerabilities exist in the 
IFFOutput::close( ...)
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656
+       NOTE: https://github.com/OpenImageIO/oiio/pull/3676
 CVE-2022-43601 (Multiple code execution vulnerabilities exist in the 
IFFOutput::close( ...)
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656
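Review bot: the new PR #3676 NOTE is attached only to CVE-2022-43602, but the adjacent CVE-2022-43601 entry in the same hunk points at the same Talos report (TALOS-2022-1656) and the same IFFOutput::close() function. Please check whether the PR covers both IDs and, if so, add the same `NOTE: https://github.com/OpenImageIO/oiio/pull/3676` line under CVE-2022-43601 so the two entries do not diverge.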
@@ -38548,6 +38549,7 @@ CVE-2022-43594 (Multiple denial of service 
vulnerabilities exist in the image ou
 CVE-2022-43593 (A denial of service vulnerability exists in the 
DPXOutput::close() fun ...)
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1652
+       NOTE: https://github.com/OpenImageIO/oiio/pull/3672
 CVE-2022-43592 (An information disclosure vulnerability exists in the 
DPXOutput::close ...)
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1651
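Review bot: same consistency question as above for the PR #3672 NOTE on CVE-2022-43593: the neighbouring CVE-2022-43592 entry also sits in DPXOutput::close(), so it is worth confirming whether that PR addresses it too and adding a matching NOTE if it does. Also consider linking the specific fixing commit (as the CVE-2022-41981 hunk does) rather than only the PR, since a PR can carry several commits and the backporter needs to know which one to cherry-pick.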
@@ -43050,6 +43052,8 @@ CVE-2022-42002 (SonicJS through 0.6.0 allows file 
overwrite. It has the followin
 CVE-2022-41981 (A stack-based buffer overflow vulnerability exists in the TGA 
file for ...)
        - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1628
+       NOTE: 
https://github.com/OpenImageIO/oiio/commit/bc9c931092e973d5250dd22a714cf035827dae6d
+       NOTE: 
https://github.com/OpenImageIO/oiio/pull/3622/commits/c412312f978fbbf987f190d0d2a9f6980b7f267f
 CVE-2022-41977 (An out of bounds read vulnerability exists in the way 
OpenImageIO vers ...)
        - openimageio 2.3.21.0+dfsg-1 (bug #1027143)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1627
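Review bot: the two added NOTE lines for CVE-2022-41981 do not say which commit is the actual fix and which one is the safe_strlen prerequisite that the commit message says must be backported as well. A short annotation would save the next person a trip to upstream, e.g. `NOTE: Fixed by: https://github.com/OpenImageIO/oiio/commit/bc9c931092e973d5250dd22a714cf035827dae6d` and `NOTE: also needs safe_strlen from https://github.com/OpenImageIO/oiio/pull/3622/commits/c412312f978fbbf987f190d0d2a9f6980b7f267f` (whichever assignment is correct).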


=====================================
data/dsa-needed.txt
=====================================
@@ -33,7 +33,7 @@ netatalk
 --
 nodejs (aron)
 --
-openimageio
+openimageio (Markus Koschany)
   some issues allow for RCE, the other ones can also be ignored for stable
 --
 php-cas
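Review bot: the claim itself is fine, but the unchanged note below it, "some issues allow for RCE, the other ones can also be ignored for stable", is ambiguous about what the DSA is meant to cover. Suggest rewording it to state explicitly that the DSA addresses the RCE-capable CVEs and that the remaining ones are being ignored for stable, and ideally listing which IDs fall into each group so the scope of the update is clear to whoever reviews the DSA.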



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e0c2220ff75377a083d1d4f559b454affa880ba3...c69291f94771f929f8f96782792503a6c890f65c


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits