Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5e023bce by Sylvain Beucler at 2021-07-06T16:09:28+02:00
CVE-2021-3605/openexr: stretch triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3239,10 +3239,11 @@ CVE-2021-34696
CVE-2021-3605 [Heap buffer overflow in the rleUncompress function]
RESERVED
- openexr <unfixed>
- [stretch] - openexr <postponed> (apparent duplicate of CVE-2020-11760,
recheck when MITRE information is public)
+ [stretch] - openexr <postponed> (Minor issue, buffer read overflow, fix
along next DLA)
NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1036
NOTE:
https://github.com/AcademySoftwareFoundation/openexr/commit/25259a84827234a283f6f9db72978198c7a3f268
(master)
NOTE:
https://github.com/AcademySoftwareFoundation/openexr/commit/3204008c0bd4c8d7599a052b304d1b44c4511283
(v2.5)
+ NOTE: not to be confused with CVE-2020-11760 whose fix is similar but
applied around 10 lines above, in the other branch of the 'if'
CVE-2021-3603 (PHPMailer 6.4.1 and earlier contain a vulnerability that can
result in ...)
- libphp-phpmailer <unfixed>
[stretch] - libphp-phpmailer <postponed> (Minor issue, fix along with
next DLA)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e023bcecaae09c492630b3528161a0621cf1f12
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e023bcecaae09c492630b3528161a0621cf1f12
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
