diff options
| author | Matthias Andree <mandree@FreeBSD.org> | 2021-07-02 15:51:35 +0000 |
|---|---|---|
| committer | Matthias Andree <mandree@FreeBSD.org> | 2021-07-03 05:01:44 +0000 |
| commit | 4ec25bf2bc66bfb5397f2f811d9046aab1d853d8 (patch) | |
| tree | c8328a9a1805b5e8d5f613b24b65530b32e2b815 | |
| parent | adc38e2e98782a91ba770f3f0d2095c7a9843cca (diff) | |
| download | ports-4ec25bf2bc66bfb5397f2f811d9046aab1d853d8.tar.gz ports-4ec25bf2bc66bfb5397f2f811d9046aab1d853d8.zip | |
security/vuxml: document openexr < 3.0.5 vulns
Security: f2596f27-db4c-11eb-8bc6-c556d71493c9
| -rw-r--r-- | security/vuxml/vuln-2021.xml | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml index 6424ad62cf30..5e1873ff889f 100644 --- a/security/vuxml/vuln-2021.xml +++ b/security/vuxml/vuln-2021.xml @@ -1,3 +1,32 @@ + <vuln vid="f2596f27-db4c-11eb-8bc6-c556d71493c9"> + <topic>openexr v3.0.5 -- fixes miscellaneous security issues</topic> + <affects> + <package> + <name>openexr</name> + <range><lt>3.0.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Cary Phillips reports:</p> + <blockquote cite="https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.0.5"> + <ul> + <li>1038 fix/extend part number validation in MultiPart methods</li> + <li>1037 verify data size in deepscanlines with NO_COMPRESSION</li> + <li>1036 detect buffer overflows in RleUncompress</li> + </ul> + </blockquote> + </body> + </description> + <references> + <url>https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.0.5</url> + </references> + <dates> + <discovery>2021-06-03</discovery> + <entry>2021-07-02</entry> + </dates> + </vuln> + <vuln vid="8ba8278d-db06-11eb-ba49-001b217b3468"> <topic>Gitlab -- Multiple Vulnerabilities</topic> <affects> |