Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits: 663b6bcc by Adrian Bunk at 2020-08-30T21:33:16+03:00 Reserve DLA-2358-1 for openexr - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -186073,7 +186073,6 @@ CVE-2017-12597 (OpenCV (Open Source Computer Vision Library) through 3.3 has an NOTE: https://github.com/opencv/opencv/issues/9309 CVE-2017-12596 (In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read ...) - openexr 2.2.0-11.1 (bug #877352) - [stretch] - openexr <no-dsa> (Minor issue) [jessie] - openexr <no-dsa> (Minor issue) [wheezy] - openexr 1.6.1-6+deb7u1 NOTE: https://github.com/openexr/openexr/issues/238 @@ -196470,14 +196469,12 @@ CVE-2017-9117 (In LibTIFF 4.0.7, the program processes BMP images without verify CVE-2017-9116 (In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function ...) {DLA-1083-1} - openexr 2.2.0-11.1 (bug #864078) - [stretch] - openexr <no-dsa> (Minor issue) [jessie] - openexr <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5 NOTE: https://github.com/openexr/openexr/issues/232 CVE-2017-9115 (In OpenEXR 2.2.0, an invalid write of size 2 in the = operator functio ...) {DSA-4755-1} - openexr 2.5.3-2 (bug #873885) - [stretch] - openexr <no-dsa> (Minor issue) [jessie] - openexr <no-dsa> (Minor issue) [wheezy] - openexr <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5 @@ -196485,7 +196482,6 @@ CVE-2017-9115 (In OpenEXR 2.2.0, an invalid write of size 2 in the = operator fu CVE-2017-9114 (In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ...) {DSA-4755-1} - openexr 2.5.3-2 (bug #873885) - [stretch] - openexr <no-dsa> (Minor issue) [jessie] - openexr <no-dsa> (Minor issue) [wheezy] - openexr <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5 
@@ -196493,7 +196489,6 @@ CVE-2017-9114 (In OpenEXR 2.2.0, an invalid read of size 1 in the refill functio CVE-2017-9113 (In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels ...) {DSA-4755-1} - openexr 2.5.3-2 (low; bug #873885) - [stretch] - openexr <no-dsa> (Minor issue) [jessie] - openexr <no-dsa> (Minor issue) [wheezy] - openexr <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5 @@ -196501,14 +196496,12 @@ CVE-2017-9113 (In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadP CVE-2017-9112 (In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ...) {DLA-1083-1} - openexr 2.2.0-11.1 (bug #864078) - [stretch] - openexr <no-dsa> (Minor issue) [jessie] - openexr <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5 NOTE: https://github.com/openexr/openexr/issues/232 CVE-2017-9111 (In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function ...) {DSA-4755-1} - openexr 2.5.3-2 (bug #873885) - [stretch] - openexr <no-dsa> (Minor issue) [jessie] - openexr <no-dsa> (Minor issue) [wheezy] - openexr <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5 @@ -196516,7 +196509,6 @@ CVE-2017-9111 (In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE func CVE-2017-9110 (In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function ...) {DLA-1083-1} - openexr 2.2.0-11.1 (bug #864078) - [stretch] - openexr <no-dsa> (Minor issue) [jessie] - openexr <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5 NOTE: https://github.com/openexr/openexr/issues/232 ===================================== data/DLA/list ===================================== 
@@ -1,3 +1,6 @@ +[30 Aug 2020] DLA-2358-1 openexr - security update + {CVE-2017-9110 CVE-2017-9111 CVE-2017-9112 CVE-2017-9113 CVE-2017-9114 CVE-2017-9115 CVE-2017-9116 CVE-2017-12596 CVE-2020-11758 CVE-2020-11759 CVE-2020-11760 CVE-2020-11761 CVE-2020-11762 CVE-2020-11763 CVE-2020-11764 CVE-2020-11765 CVE-2020-15305 CVE-2020-15306} + [stretch] - openexr 2.2.0-11+deb9u1 [30 Aug 2020] DLA-2357-1 ros-actionlib - security update {CVE-2020-10289} [stretch] - ros-actionlib 1.11.7-1+deb9u1 ===================================== data/dla-needed.txt ===================================== @@ -120,8 +120,6 @@ nss (Adrian Bunk) opendmarc NOTE: 20200719: no patches for remaining CVEs available, everything else is already done in Stretch (thorsten) -- -openexr (Adrian Bunk) --- php-horde-trean (Mike Gabriel) NOTE: 20200829: Reconsidering CVE-2019-12095 and what has been written in https://bugs.horde.org/ticket/14926 (sunweaver) NOTE: 20200829: We may not expect too much activity regarding this by upstream. (sunweaver) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/663b6bcc86019f19de685995bd83b090f68f17a6
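Review bot: In the data/CVE/list hunks, the entries for CVE-2017-9111, CVE-2017-9113, CVE-2017-9114 and CVE-2017-9115 lose `[stretch] - openexr <no-dsa> (Minor issue)` but still carry only {DSA-4755-1} in their cross-reference line, and the other four touched entries carry {DLA-1083-1} or no tag at all, so after this change nothing in data/CVE/list itself records that stretch is fixed in 2.2.0-11+deb9u1. If the {DLA-2358-1} cross-reference is not regenerated from data/DLA/list by a later automatic update, add it to these eight entries in this commit. The `[jessie]` and `[wheezy]` lines are correctly left untouched, since the DLA entry names stretch only.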
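Review bot: The CVE set on the added DLA-2358-1 line in data/DLA/list names ten CVE-2020 ids (CVE-2020-11758 through CVE-2020-11765, CVE-2020-15305 and CVE-2020-15306) that none of the data/CVE/list hunks in this commit touch; only the eight 2017 entries are edited. Please check that none of those CVE-2020 entries still has a `[stretch] - openexr` annotation that would contradict the 2.2.0-11+deb9u1 fixed version given here, and drop any such line in the same commit so the two files stay consistent.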