[Git][security-tracker-team/security-tracker][master] Update CVE-2018-1250{3,4}/tinyexr

Sat, 31 Jul 2021 11:39:11 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ac5c3efd by Salvatore Bonaccorso at 2021-07-31T20:38:36+02:00
Update CVE-2018-1250{3,4}/tinyexr

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -199466,9 +199466,13 @@ CVE-2018-12506
 CVE-2018-12505
        RESERVED
 CVE-2018-12504 (tinyexr 0.9.5 has an assertion failure in ComputeChannelLayout 
in tiny ...)
-       NOT-FOR-US: tinyexr
+       - tinyexr <not-affected> (Fixed before initial upload to Debian)
+       NOTE: 
https://github.com/ChijinZ/security_advisories/tree/master/tinyexr_b53a457
+       NOTE: https://github.com/syoyo/tinyexr/issues/82
 CVE-2018-12503 (tinyexr 0.9.5 has a heap-based buffer over-read in 
LoadEXRImageFromMem ...)
-       NOT-FOR-US: tinyexr
+       - tinyexr <not-affected> (Fixed before initial upload to Debian)
+       NOTE: https://github.com/syoyo/tinyexr/issues/81
+       NOTE: 
https://github.com/ChijinZ/security_advisories/tree/master/tinyexr_65f9859#duplicated-cve-2018-12503-heap-buffer-overflow-in-function-tinyexrloadexrimagefromfile-tinyexrh11593
 CVE-2018-12502
        RESERVED
 CVE-2018-12501 (Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac5c3efd7f1287b1cce7a0b08211ce0c38dccdc9

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac5c3efd7f1287b1cce7a0b08211ce0c38dccdc9
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to