svn commit: r521274 - head/security/vuxml
Matthias Andree
mandree at FreeBSD.org
Sun Dec 29 12:11:10 UTC 2019
Author: mandree
Date: Sun Dec 29 12:11:09 2019
New Revision: 521274
URL: https://svnweb.freebsd.org/changeset/ports/521274
Log:
Document graphics/ilmbase graphics/openexr vulnerabilities.
Security: e4d9dffb-2a32-11ea-9693-e1b3f6feec79
Security: CVE-2018-18443
Security: CVE-2018-18444
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sun Dec 29 12:09:05 2019 (r521273)
+++ head/security/vuxml/vuln.xml Sun Dec 29 12:11:09 2019 (r521274)
@@ -58,6 +58,44 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="e4d9dffb-2a32-11ea-9693-e1b3f6feec79">
+ <topic>OpenEXR -- heap buffer overflow, and out-of-memory bugs</topic>
+ <affects>
+ <package>
+ <name>ilmbase</name>
+ <range><lt>2.3.0_4</lt></range>
+ </package>
+ <package>
+ <name>openexr</name>
+ <range><lt>2.3.0_3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Cary Phillips reports:</p>
+ <blockquote cite="https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.0">
+ <p>OpenEXR (IlmBase) v2.4.0 fixes the following security vulnerabilities:</p>
+ <ul>
+ <li>CVE-2018-18444 Issue #351 Out of Memory</li>
+ <li>CVE-2018-18443 Issue #350 heap-buffer-overflow</li>
+ </ul>
+ <p>The relevant patches have been backported to the FreeBSD ports.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.0</url>
+ <url>https://github.com/AcademySoftwareFoundation/openexr/issues/350</url>
+ <url>https://github.com/AcademySoftwareFoundation/openexr/issues/351</url>
+ <cvename>CVE-2018-18443</cvename>
+ <cvename>CVE-2018-18444</cvename>
+ </references>
+ <dates>
+ <discovery>2018-10-17</discovery>
+ <entry>2019-12-29</entry>
+ </dates>
+ </vuln>
+
<vuln vid="7b97b32e-27c4-11ea-9673-4c72b94353b5">
<topic>wordpress -- multiple issues</topic>
<affects>
More information about the svn-ports-head
mailing list