Bug 294196 - security/vuxml: document openexr 3.4.9 vulnerabilities
Summary: security/vuxml: document openexr 3.4.9 vulnerabilities
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Fernando Apesteguía
URL: https://lists.aswf.io/g/openexr-dev/m...
Keywords: patch-ready, security
Depends on:
Blocks: 294197
  Show dependency treegraph
 
Reported: 2026-04-02 09:13 UTC by Matthias Andree
Modified: 2026-04-03 10:08 UTC (History)
3 users (show)

See Also:
fernape: maintainer-feedback+

Attachments
adds OpenEXR < 3.4.9 VuXML entry (2.52 KB, patch)
2026-04-02 09:13 UTC, Matthias Andree 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Andree freebsd_committer freebsd_triage 2026-04-02 09:13:04 UTC 
Created attachment 269309 [details]
adds OpenEXR < 3.4.9 VuXML entry

OpenEXR 3.4.9 is due tomorrow for security fixes, see https://lists.aswf.io/g/openexr-dev/message/5436
Comment 1 Fernando Apesteguía freebsd_committer freebsd_triage 2026-04-02 18:18:57 UTC 
LGTM.

Thanks for the VuXML entry!
Note that these entries don't necessarily block the software update (as in bug #294197).
Comment 2 Fernando Apesteguía freebsd_committer freebsd_triage 2026-04-03 10:07:39 UTC 
Committed,

Thanks!
Comment 3 commit-hook freebsd_committer freebsd_triage 2026-04-03 10:08:07 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=53ac816170a6e0ca56dbb01e11495eeda6ce7998

commit 53ac816170a6e0ca56dbb01e11495eeda6ce7998
Author:     Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2026-04-03 10:05:44 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2026-04-03 10:07:11 +0000

    security/vuxml: add openexr < 3.4.9 vulns

    Security:       CVE-2026-34589
    Security:       CVE-2026-34588
    Security:       CVE-2026-34380
    Security:       CVE-2026-34379
    Security:       CVE-2026-34378
    Security:       adb096d4-2e72-11f1-acc1-339a1a6999b0

    PR:     294196

 security/vuxml/vuln/2026.xml | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)