Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2163da4a by Markus Koschany at 2022-12-10T17:20:06+01:00 Reserve DSA-5299-1 for openexr - - - - - 3 changed files: - data/CVE/list - data/DSA/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -83542,7 +83542,6 @@ CVE-2021-43557 (The uri-block plugin in Apache APISIX before 2.10.2 uses $reques CVE-2021-3941 (In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division o ...) [experimental] - openexr 3.1.3-1 - openexr 3.1.5-2 (bug #1014828) - [bullseye] - openexr <no-dsa> (Minor issue) [stretch] - openexr <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2019789 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39084 @@ -83730,7 +83729,6 @@ CVE-2021-3934 (ohmyzsh is vulnerable to Improper Neutralization of Special Eleme CVE-2021-3933 (An integer overflow could occur when OpenEXR processes a crafted file ...) [experimental] - openexr 3.1.3-1 - openexr 3.1.5-2 (bug #1014828) - [bullseye] - openexr <no-dsa> (Minor issue) [stretch] - openexr <not-affected> (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2019783 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38912 @@ -108279,7 +108277,6 @@ CVE-2021-34675 (Basix NEX-Forms through 7.8.7 allows authentication bypass for s CVE-2021-3598 (There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in ...) {DLA-2701-1} - openexr 2.5.7-1 (bug #990450) - [bullseye] - openexr <no-dsa> (Minor issue) [buster] - openexr <no-dsa> (Minor issue) NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/1033 NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1037 
@@ -116475,7 +116472,6 @@ CVE-2021-26945 (An integer overflow leading to a heap-buffer overflow was found CVE-2021-26260 (An integer overflow leading to a heap-buffer overflow was found in the ...) {DLA-2701-1} - openexr 2.5.7-1 (bug #992703) - [bullseye] - openexr <no-dsa> (Minor issue) [buster] - openexr <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947582 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29423 @@ -116485,7 +116481,6 @@ CVE-2021-26260 (An integer overflow leading to a heap-buffer overflow was found CVE-2021-23215 (An integer overflow leading to a heap-buffer overflow was found in the ...) {DLA-2701-1} - openexr 2.5.7-1 - [bullseye] - openexr <ignored> (Minor issue, might change ABI) [buster] - openexr <ignored> (Minor issue, might change ABI) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947586 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29653 ===================================== data/DSA/list ===================================== @@ -1,3 +1,6 @@ +[10 Dec 2022] DSA-5299-1 openexr - security update + {CVE-2021-3598 CVE-2021-3605 CVE-2021-3933 CVE-2021-3941 CVE-2021-23215 CVE-2021-26260 CVE-2021-45942} + [bullseye] - openexr 2.5.4-2+deb11u1 [09 Dec 2022] DSA-5298-1 cacti - security update {CVE-2022-0730 CVE-2022-46169} [bullseye] - cacti 1.2.16+ds1-2+deb11u1 ===================================== data/dsa-needed.txt ===================================== @@ -29,8 +29,6 @@ nodejs -- multipath-tools -- -openexr (apo) --- php-cas (jmm) -- php-horde-mime-viewer
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2163da4a801b6b1c642cfacbb2b2495405736514
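Review bot: The DSA-5299-1 entry added in data/DSA/list names seven CVEs, but the data/CVE/list hunks drop a bullseye annotation for only five of them (CVE-2021-3941, CVE-2021-3933, CVE-2021-3598, CVE-2021-26260, CVE-2021-23215). It is worth confirming that CVE-2021-3605 and CVE-2021-45942 carried no `[bullseye] - openexr <no-dsa>` or `<ignored>` line, since a leftover one would contradict the fixed version 2.5.4-2+deb11u1 recorded for bullseye in the DSA entry.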
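Review bot: In the CVE-2021-23215 hunk of data/CVE/list, the removed bullseye line was `<ignored> (Minor issue, might change ABI)`, while the buster line below it keeps the same reason. Because this CVE is now listed under DSA-5299-1, a NOTE line stating how the ABI concern was handled for 2.5.4-2+deb11u1 would explain why the two releases are now treated differently.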