bug#70174: OpenEXR is vulnerable to CVE-2023-5841 and CVE-2021-45942

bug-guix

From:	Vinicius Monego
Subject:	bug#70174: OpenEXR is vulnerable to CVE-2023-5841 and CVE-2021-45942
Date:	Thu, 4 Apr 2024 01:07:52 +0000

OpenEXR suffers from these vulnerabilities which were fixed in version3.2.2 [1] and 3.1.4 [2], respectively, while our version is currently 3.1.3.

The package contains 448 dependents, and a change in derivationshouldn't be pushed to master, at least according to the patchsubmission guidelines.


[1] https://nvd.nist.gov/vuln/detail/CVE-2023-5841

[2] https://nvd.nist.gov/vuln/detail/CVE-2021-45942

[Prev in Thread]

Current Thread

[Next in Thread]

bug#70174: OpenEXR is vulnerable to CVE-2023-5841 and CVE-2021-45942, Vinicius Monego <=
- bug#70174: OpenEXR is vulnerable to CVE-2023-5841 and CVE-2021-45942, John Kehayias, 2024/04/03
  - bug#70174: OpenEXR is vulnerable to CVE-2023-5841 and CVE-2021-45942, John Kehayias, 2024/04/03
    - bug#70174: OpenEXR is vulnerable to CVE-2023-5841 and CVE-2021-45942, John Kehayias, 2024/04/18