Update CVE-2018-20652: Associate with tinyexr

author: Salvatore Bonaccorso <carnil@debian.org> 2021-07-31 20:35:30 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-07-31 20:35:30 +0200
commit: e5c7323fb5e97ff417905358ff24c317520a5944 (patch)
tree: 378a7a17b9cd52f8ced10c8706449667b7d5ceed /data/CVE/list.2018
parent: f7ac290f3b612480ebbcea563e3499965ad9d479 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/data/CVE/list.2018 b/data/CVE/list.2018
index 88f43c6537..7f0567ca9c 100644
--- a/data/CVE/list.2018
+++ b/data/CVE/list.2018
@@ -1663,7 +1663,9 @@ CVE-2018-20654
 CVE-2018-20653
 	RESERVED
 CVE-2018-20652 (An attempted excessive memory allocation was discovered in the functio ...)
-	NOT-FOR-US: tinyexr
+	- tinyexr <not-affected> (Fixed with initial upload to Debian)
+	NOTE: https://github.com/syoyo/tinyexr/issues/104
+	NOTE: https://github.com/ChijinZ/security_advisories/tree/master/tinyexr_65f9859#cve-2018-20652-heap-buffer-overflow-in-function-tinyexrallocateimage-tinyexrh10302
 CVE-2018-20651 (A NULL pointer dereference was discovered in elf_link_add_object_symbo ...)
 	- binutils 2.32.51.20190707-1 (unimportant)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24041
author	Salvatore Bonaccorso <carnil@debian.org>	2021-07-31 20:35:30 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-07-31 20:35:30 +0200
commit	e5c7323fb5e97ff417905358ff24c317520a5944 (patch)
tree	378a7a17b9cd52f8ced10c8706449667b7d5ceed /data/CVE/list.2018
parent	f7ac290f3b612480ebbcea563e3499965ad9d479 (diff)