Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: a0bc470b by Salvatore Bonaccorso at 2020-04-27T22:20:30+02:00 Track new openexr issues I kept the TODO item as we need to double check the fixing commits. https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 itself does not cover individual upstream commits but only refer to v2.4.1 fixing all of those issues reported by project-zero to openexr project. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -2002,21 +2002,47 @@ CVE-2020-11767 (Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak is CVE-2020-11766 RESERVED CVE-2020-11765 (An issue was discovered in OpenEXR before 2.4.1. There is an off-by-on ...) - TODO: check + - openexr <unfixed> + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3eda5d70aba127bae9bd6bae9956fcf024b64031 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2ae5f8376b0a6c3e2bb100042f5de79503ba837a + TODO: check correctness CVE-2020-11764 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...) - TODO: check + - openexr <unfixed> + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/e7c26f6ef5bf7ae8ea21ecf19963186cd1391720 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/a6408c90339bdf19f89476578d7f936b741be9b2 + TODO: check correctness CVE-2020-11763 (An issue was discovered in OpenEXR before 2.4.1. There is an std::vect ...) - TODO: check + - openexr <unfixed> + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 + TODO: check fixing commit CVE-2020-11762 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...) - TODO: check + - openexr <unfixed> + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3eda5d70aba127bae9bd6bae9956fcf024b64031 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2ae5f8376b0a6c3e2bb100042f5de79503ba837a + TODO: check correctness CVE-2020-11761 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...) - TODO: check + - openexr <unfixed> + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b1c34c496b62117115b1089b18a44e0031800a09 + TODO: check correctness CVE-2020-11760 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...) - TODO: check + - openexr <unfixed> + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/37750013830def57f19f3c3b7faaa9fc1dae81b3 + TODO: check correctness CVE-2020-11759 (An issue was discovered in OpenEXR before 2.4.1. Because of integer ov ...) - TODO: check + - openexr <unfixed> + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b9997d0c045fa01af3d2e46e1a74b07cc4519446 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/acad98d6d3e787f36012a3737c23c42c7f43a00f + TODO: check completeness for upstream commits to cover CVE-2020-11759 CVE-2020-11758 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...) - TODO: check + - openexr <unfixed> + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 + TODO: check isolated commit to fix issue CVE-2020-11757 RESERVED CVE-2020-11756 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0bc470bd19eb1a713656d76f79e8dd0e1d0847b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0bc470bd19eb1a713656d76f79e8dd0e1d0847b You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
