git: b41e604352c1 - main - security/vuxml: document OpenEXR < 3.1.4 vuln
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 28 Jan 2022 18:52:02 UTC
The branch main has been updated by mandree: URL: https://cgit.FreeBSD.org/ports/commit/?id=b41e604352c150eed8fa42cd04bc0176cd2190c0 commit b41e604352c150eed8fa42cd04bc0176cd2190c0 Author: Matthias Andree <mandree@FreeBSD.org> AuthorDate: 2022-01-28 18:48:14 +0000 Commit: Matthias Andree <mandree@FreeBSD.org> CommitDate: 2022-01-28 18:51:52 +0000 security/vuxml: document OpenEXR < 3.1.4 vuln Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute Security: b6ef8a53-8062-11ec-9af3-fb232efe4d2e Security: CVE-2021-45942 --- security/vuxml/vuln-2022.xml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml index e11b932683af..9337a4faab3e 100644 --- a/security/vuxml/vuln-2022.xml +++ b/security/vuxml/vuln-2022.xml @@ -1,3 +1,36 @@ + <vuln vid="b6ef8a53-8062-11ec-9af3-fb232efe4d2e"> + <topic>OpenEXR -- Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute</topic> + <affects> + <package> + <name>openexr</name> + <range><lt>3.1.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Cary Phillips reports:</p> + <blockquote cite="https://github.com/AcademySoftwareFoundation/openexr/blob/v3.1.4/CHANGES.md#version-314-january-26-2022"> + <p>[OpenEXR Version 3.1.4 is a] patch release that [...] + addresses one public security vulnerability: + CVE-2021-45942 Heap-buffer-overflow in + Imf_3_1::LineCompositeTask::execute [and several] + specific OSS-fuzz issues [...].</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2021-45942</cvename> + <url>https://github.com/AcademySoftwareFoundation/openexr/blob/v3.1.4/CHANGES.md#version-314-january-26-2022</url> + <url>https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416</url> <!-- reported for dates.discovery below --> + <url>https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41999</url> <!-- reported 2021-12-04 --> + <url>https://github.com/AcademySoftwareFoundation/openexr/pull/1209</url> <!-- fix for CVE-inducing issue --> + </references> + <dates> + <discovery>2021-11-26</discovery> + <entry>2022-01-28</entry> + </dates> + </vuln> + <vuln vid="1aaaa5c6-804d-11ec-8be6-d4c9ef517024"> <topic>OpenSSL -- BN_mod_exp incorrect results on MIPS</topic> <affects>