bug#70174: OpenEXR is vulnerable to CVE-2023-5841 and CVE-2021-45942

Wed, 03 Apr 2024 18:09:21 -0700

OpenEXR suffers from these vulnerabilities which were fixed in version 3.2.2 [1] and 3.1.4 [2], respectively, while our version is currently 3.1.3.
The package contains 448 dependents, and a change in derivation shouldn't be pushed to master, at least according to the patch submission guidelines. 

[1] https://nvd.nist.gov/vuln/detail/CVE-2023-5841

[2] https://nvd.nist.gov/vuln/detail/CVE-2021-45942


























					Reply via email to