1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-23 04:23:08 +00:00

Document graphics/ilmbase graphics/openexr vulnerabilities.

Security:	e4d9dffb-2a32-11ea-9693-e1b3f6feec79
Security:	CVE-2018-18443
Security:	CVE-2018-18444
This commit is contained in:
Matthias Andree 2019-12-29 12:11:09 +00:00
parent 03535a0e4b
commit 4d15461f06
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=521274

View File

@ -58,6 +58,44 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="e4d9dffb-2a32-11ea-9693-e1b3f6feec79">
<topic>OpenEXR -- heap buffer overflow, and out-of-memory bugs</topic>
<affects>
<package>
<name>ilmbase</name>
<range><lt>2.3.0_4</lt></range>
</package>
<package>
<name>openexr</name>
<range><lt>2.3.0_3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Cary Phillips reports:</p>
<blockquote cite="https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.0">
<p>OpenEXR (IlmBase) v2.4.0 fixes the following security vulnerabilities:</p>
<ul>
<li>CVE-2018-18444 Issue #351 Out of Memory</li>
<li>CVE-2018-18443 Issue #350 heap-buffer-overflow</li>
</ul>
<p>The relevant patches have been backported to the FreeBSD ports.</p>
</blockquote>
</body>
</description>
<references>
<url>https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.0</url>
<url>https://github.com/AcademySoftwareFoundation/openexr/issues/350</url>
<url>https://github.com/AcademySoftwareFoundation/openexr/issues/351</url>
<cvename>CVE-2018-18443</cvename>
<cvename>CVE-2018-18444</cvename>
</references>
<dates>
<discovery>2018-10-17</discovery>
<entry>2019-12-29</entry>
</dates>
</vuln>
<vuln vid="7b97b32e-27c4-11ea-9673-4c72b94353b5">
<topic>wordpress -- multiple issues</topic>
<affects>