CVE-2017-9114/openexr: fix patch ref

verified with PoC .../exr2aces id:000132,sig:11,src:000895,op:havoc,rep:32 /dev/null
author: Sylvain Beucler <beuc@beuc.net> 2021-06-22 19:41:07 +0200
committer: Sylvain Beucler <beuc@beuc.net> 2021-06-22 23:04:11 +0200
commit: 36411724cb30012bc1d32c61a55ed26fc221811e (patch)
tree: b7ed861a891a50710e1445cf3af27a476347092f /data/CVE/list.2017
parent: abacc24b747e9153cfbf5ec15ba6dd0314c4a073 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/data/CVE/list.2017 b/data/CVE/list.2017
index 78fe29cda2..9f72365516 100644
--- a/data/CVE/list.2017
+++ b/data/CVE/list.2017
@@ -28350,12 +28350,12 @@ CVE-2017-9115 (In OpenEXR 2.2.0, an invalid write of size 2 in the = operator fu
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/401#issuecomment-513721310 (v2.4.0)
 CVE-2017-9114 (In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in  ...)
 	{DSA-4755-1 DLA-2358-1}
-	- openexr 2.5.3-2 (bug #873885)
+	- openexr 2.2.0-11.1 (bug #873885)
 	[jessie] - openexr <no-dsa> (Minor issue)
 	[wheezy] - openexr <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
 	NOTE: https://github.com/openexr/openexr/issues/232
-	NOTE: Same patchset as CVE-2017-9111/9113/9115
+	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/49db4a4192482eec9c27669f75db144cf5434804 (v2.2.1)
 CVE-2017-9113 (In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels ...)
 	{DSA-4755-1 DLA-2358-1}
 	- openexr 2.5.3-2 (low; bug #873885)
author	Sylvain Beucler <beuc@beuc.net>	2021-06-22 19:41:07 +0200
committer	Sylvain Beucler <beuc@beuc.net>	2021-06-22 23:04:11 +0200
commit	36411724cb30012bc1d32c61a55ed26fc221811e (patch)
tree	b7ed861a891a50710e1445cf3af27a476347092f /data/CVE/list.2017
parent	abacc24b747e9153cfbf5ec15ba6dd0314c4a073 (diff)