Comment # 3 on bug 1052454 from
Yes, please do not close security-related bugs yourself, but assign them
back to us (security-team@), so we can have another look at them. We will close
the bug once all necessary updates have been released.

It seems that this issue has been solved with pull request #9376
(https://github.com/opencv/opencv/pull/9376), the same as for CVE-2017-12604
(issue #9309). Unfortunately, a lot of code has been refactored with this
request, so it is not apparent (from a quick look) what the actual fix is. More
unfortunate is that there are not a lot of details about the CVEs either, but
given that the one is a "double free" and the other one is an "out of bounds
write", they are not duplicates.

