Oval Definition:	oval:org.mitre.oval:def:13387
Revision Date: 2011-11-21 Version: 19 Title: DSA-1842-1 openexr -- several Description: Several vulnerabilities have been discovered in the OpenEXR image library, which can lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1720 Drew Yao discovered integer overflows in the preview and compression code. CVE-2009-1721 Drew Yao discovered that an uninitialised pointer could be freed in the decompression code. CVE-2009-1722 A buffer overflow was discovered in the compression code. For the old stable distribution , these problems have been fixed in version 1.2.2-4.3+etch2. For the stable distribution , these problems have been fixed in version 1.6.1-3+lenny3. For the unstable distribution , these problems will be fixed soon. We recommend that you upgrade your openexr packages. Family: unix Class: patch Status: ACCEPTED Reference(s): DSA-1842-1 Platform(s): Debian 4.0 Debian 5.0 Product(s): openexr Definition Synopsis Release section Debian GNU/Linux 5.0 is installed AND Architecture section Architecture depended section Supported architectures section Installed architecture is s390 OR Installed architecture is amd64 OR Installed architecture is sparc OR Installed architecture is arm OR Installed architecture is i386 OR Installed architecture is armel OR Installed architecture is mips OR Installed architecture is ia64 OR Installed architecture is alpha OR Installed architecture is powerpc OR Installed architecture is mipsel OR Installed architecture is hppa AND Packages section libopenexr-dev DPKG is earlier than 1.6.1-3+lenny3 OR openexr DPKG is earlier than 1.6.1-3+lenny3 OR libopenexr6 DPKG is earlier than 1.6.1-3+lenny3 OR Release section Debian GNU/Linux 4.0 is installed. AND Architecture section Packages section openexr DPKG is earlier than 1.2.2-4.3+etch2 OR libopenexr-dev DPKG is earlier than 1.2.2-4.3+etch2 OR libopenexr2c2a DPKG is earlier than 1.2.2-4.3+etch2
BACK