Update CVE-2018-1250{3,4}/tinyexr

author: Salvatore Bonaccorso <carnil@debian.org> 2021-07-31 20:38:36 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-07-31 20:38:36 +0200
commit: 3e9d0b8b9821176ff6a99fe2f4988f18c5b2f124 (patch)
tree: 3264ca8f53ffa038c5c0839d48bb25128fbe1769 /data/CVE/list.2018
parent: e5c7323fb5e97ff417905358ff24c317520a5944 (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/data/CVE/list.2018 b/data/CVE/list.2018
index 7f0567ca9c..8d8436e45e 100644
--- a/data/CVE/list.2018
+++ b/data/CVE/list.2018
@@ -23234,9 +23234,13 @@ CVE-2018-12506
 CVE-2018-12505
 	RESERVED
 CVE-2018-12504 (tinyexr 0.9.5 has an assertion failure in ComputeChannelLayout in tiny ...)
-	NOT-FOR-US: tinyexr
+	- tinyexr <not-affected> (Fixed before initial upload to Debian)
+	NOTE: https://github.com/ChijinZ/security_advisories/tree/master/tinyexr_b53a457
+	NOTE: https://github.com/syoyo/tinyexr/issues/82
 CVE-2018-12503 (tinyexr 0.9.5 has a heap-based buffer over-read in LoadEXRImageFromMem ...)
-	NOT-FOR-US: tinyexr
+	- tinyexr <not-affected> (Fixed before initial upload to Debian)
+	NOTE: https://github.com/syoyo/tinyexr/issues/81
+	NOTE: https://github.com/ChijinZ/security_advisories/tree/master/tinyexr_65f9859#duplicated-cve-2018-12503-heap-buffer-overflow-in-function-tinyexrloadexrimagefromfile-tinyexrh11593
 CVE-2018-12502
 	RESERVED
 CVE-2018-12501 (Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335. ...)
author	Salvatore Bonaccorso <carnil@debian.org>	2021-07-31 20:38:36 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-07-31 20:38:36 +0200
commit	3e9d0b8b9821176ff6a99fe2f4988f18c5b2f124 (patch)
tree	3264ca8f53ffa038c5c0839d48bb25128fbe1769 /data/CVE/list.2018
parent	e5c7323fb5e97ff417905358ff24c317520a5944 (diff)