Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2021-20296 CVE-2021-3474 CVE-2021-3475 CVE-2021-3476 CVE-2021-3477 CVE-2021-3478 CVE-2021-3479

Related Vulnerabilities: CVE-2021-20296   CVE-2021-3474   CVE-2021-3475   CVE-2021-3476   CVE-2021-3477   CVE-2021-3478   CVE-2021-3479  

Source

Debian Bug report logs - #986796
CVE-2021-20296 CVE-2021-3474 CVE-2021-3475 CVE-2021-3476 CVE-2021-3477 CVE-2021-3478 CVE-2021-3479

version graph

Package: openexr; Maintainer for openexr is Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>; Source for openexr is src:openexr (PTS, buildd, popcon).

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Mon, 12 Apr 2021 09:27:02 UTC

Severity: important

Tags: security, upstream

Found in version openexr/2.5.4-1

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>:
Bug#986796; Package openexr. (Mon, 12 Apr 2021 09:27:04 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>. (Mon, 12 Apr 2021 09:27:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2021-20296 CVE-2021-3474 CVE-2021-3475 CVE-2021-3476 CVE-2021-3477 CVE-2021-3478 CVE-2021-3479
Date: Mon, 12 Apr 2021 11:23:58 +0200
Package: openexr
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

CVE-2021-20296
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24854
https://github.com/AcademySoftwareFoundation/openexr/commit/b0c63c0b96eb9b0d3998f603e12f9f414fb0d44a

CVE-2021-3479
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25370
https://github.com/AcademySoftwareFoundation/openexr/commit/d80f11f4f55100d007ae80a162bf257ec291612c
https://github.com/AcademySoftwareFoundation/openexr/pull/830

CVE-2021-3478
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27409
https://bugzilla.redhat.com/show_bug.cgi?id=1939160
https://github.com/AcademySoftwareFoundation/openexr/commit/bc88cdb6c97fbf5bc5d11ad8ca55306da931283a

CVE-2021-3477
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26956
https://bugzilla.redhat.com/show_bug.cgi?id=1939159
https://github.com/AcademySoftwareFoundation/openexr/commit/467be80b75642efbbe6bdace558079f68c16acb1

CVE-2021-3474
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831
https://github.com/AcademySoftwareFoundation/openexr/commit/c3ed4a1db1f39bf4524a644cb2af81dc8cfab33f

CVE-2021-3475
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25297
https://github.com/AcademySoftwareFoundation/openexr/commit/2a18ed424a854598c2a20b5dd7e782b436a1e753

CVE-2021-3476
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24787
https://github.com/AcademySoftwareFoundation/openexr/commit/eec0dba242bedd2778c973ae4af112107b33d9c9

Cheers,
        Moritz

Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 12 Apr 2021 09:39:05 GMT) (full text, mbox, link).

Marked as found in versions openexr/2.5.4-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 12 Apr 2021 09:39:05 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Tue Apr 13 08:07:32 2021; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started