Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6de06e04 by Salvatore Bonaccorso at 2018-11-08T14:41:59Z

Mark CVE-2017-14988/openexr as unimportant

Analysis of https://github.com/openexr/openexr/issues/248 upstream indicates this is caused by an improper assumption from ImageMagick and the security impact is actually negligible at most. Mark as unimportant and ideally an involved party properly request a REJECT.

- - - - -

1 changed file:
- data/CVE/list

Changes:

===================================== data/CVE/list =====================================
@@ -58935,11 +58935,9 @@ CVE-2017-14989 (A use-after-free in RenderFreetype in MagickCore/annotate.c in . NOTE: https://github.com/ImageMagick/ImageMagick/commit/97740ccc177ee264e79091fa573d994eb6b05628 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/28bad01242898d7f863deedbfa8502c348293093 CVE-2017-14988 (Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote ...) - - openexr <unfixed> (bug #878551) - [stretch] - openexr <no-dsa> (Minor issue) - [jessie] - openexr <no-dsa> (Minor issue) - [wheezy] - openexr <postponed> (Should be fixed along in future update) + - openexr <unfixed> (bug #878551; unimportant) NOTE: https://github.com/openexr/openexr/issues/248 + NOTE: Issue in the use of openexr via ImageMagick, no real security impact CVE-2017-14987 RESERVED CVE-2017-14986

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6de06e045ca1e5bb4db711f2ad005a6f645a87e0
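
Review bot: In the CVE-2017-14988 entry, the added line "NOTE: Issue in the use of openexr via ImageMagick, no real security impact" states the conclusion without the reasoning, while the same hunk drops the [stretch], [jessie] and [wheezy] annotations that carried the earlier triage. Suggest the NOTE say in a few words what the improper ImageMagick assumption is, as analysed in https://github.com/openexr/openexr/issues/248, so the downgrade to unimportant can be checked from data/CVE/list alone. The commit message also hopes an involved party will request a REJECT; a further NOTE recording that intent in the entry would keep it from being lost.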
