Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerability roundup 54: openexr: 2 advisories #51460

Closed
2 tasks done
ckauhaus opened this issue Dec 3, 2018 · 2 comments
Closed
2 tasks done

Vulnerability roundup 54: openexr: 2 advisories #51460

ckauhaus opened this issue Dec 3, 2018 · 2 comments
Assignees
@ckauhaus
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one

Comments

@ckauhaus
Copy link
Contributor

ckauhaus commented Dec 3, 2018
edited
Loading

search, files

Scanned versions: nixos-unstable: 3a393ee; nixos-18.09: db561c9. May contain false positives.
@c0bw3b c0bw3b added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Dec 3, 2018
@globin globin added 2.status: wait-for-upstream Waiting for upstream fix (or their other action). 9.needs: upstream fix This PR needs upstream to change something labels Dec 3, 2018
@globin
Copy link
Member

globin commented Dec 3, 2018

Upstream issues:
AcademySoftwareFoundation/openexr#351
AcademySoftwareFoundation/openexr#350

I'd wait for further response there.

@ckauhaus ckauhaus mentioned this issue Mar 9, 2019
Closed
2 tasks
@ckauhaus
Copy link
Contributor Author

Upstream has released 2.4.0 incorporating the fixes, but they have also changed the CMake setup. I'd leave the package bump to others and try to backport only the relevant security patches to 2.3.0.

This was referenced Oct 27, 2019
Merged
Merged
@ckauhaus ckauhaus removed 2.status: wait-for-upstream Waiting for upstream fix (or their other action). 9.needs: upstream fix This PR needs upstream to change something labels Oct 27, 2019
@ckauhaus ckauhaus self-assigned this Oct 27, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ckauhaus ckauhaus

Labels
1.severity: security Issues which raise a security issue, or PRs that fix one
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@globin @ckauhaus @c0bw3b