Bug 30390

Summary: openexr possible new security issues rhbz#2077539, rhbz#2077540, rhbz#2077546, rhbz#2077549
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: All Packagers <pkg-bugs>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: ghibomgx, nicolas.salguero
Version: 8   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: openexr-2.5.7-1.3.mga8.src.rpm CVE:
Status comment: Fixed upstream in 3.1.5

Description David Walser 2022-05-07 21:29:50 CEST 
Fedora has issued an advisory today (May 7):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BIGOY2HN5ESENKKD7CAJ6WXXTRPRN47Q/

The issues are fixed upstream in 3.1.5 (already in Cauldron).
David Walser 2022-05-07 21:30:08 CEST

CC: (none) => nicolas.salguero
Status comment: (none) => Fixed upstream in 3.1.5

Comment 1 Lewis Smith 2022-05-09 21:51:27 CEST 
This package is formally with ghibo, but NicolasS has done most recent updates, so assigning to you; CC'ing Giuseppe in hope.

3.1.5 (already in Cauldron) - thanks to luigi.

CC: nicolas.salguero => ghibomgx
Assignee: bugsquad => nicolas.salguero

Comment 2 Giuseppe Ghibò 2022-05-09 23:08:05 CEST 
Indeed you are problably referring to openxr, which is not the same as openexr (OpenEXR). Anyway this package has a long list of dependency so upgrading to 3.1.x would probably break and need to recompile other dep packages. I looked at the github site and seems there is a version 2.5.8 with latest commits to march 2022, but haven't checked whether those include the security fixes.
Comment 3 Giuseppe Ghibò 2022-05-09 23:09:49 CEST 
s/problably/probably/
Nicolas Salguero 2022-11-03 13:56:22 CET

Assignee: nicolas.salguero => pkg-bugs

Comment 4 Nicolas Salguero 2024-01-12 09:50:49 CET 
Mageia 8 EOL

CC: (none) => nicolas.salguero
Status: NEW => RESOLVED
Resolution: (none) => OLD