[Secure-testing-commits] r55321 - data/CVE

Thu Aug 31 15:37:07 UTC 2017

Author: hertzog
Date: 2017-08-31 15:37:07 +0000 (Thu, 31 Aug 2017)
New Revision: 55321

Modified:
   data/CVE/list
Log:
Reported all exiv2 issues to upstream

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-08-31 15:36:57 UTC (rev 55320)
+++ data/CVE/list	2017-08-31 15:37:07 UTC (rev 55321)
@@ -2476,12 +2476,15 @@
 	NOTE: Crash in CLI tool, no security impact
 CVE-2017-12957 (There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that ...)
 	- exiv2 <unfixed>
+	NOTE: https://github.com/Exiv2/exiv2/issues/60
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482423
 CVE-2017-12956 (There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() ...)
 	- exiv2 <unfixed>
+	NOTE: https://github.com/Exiv2/exiv2/issues/59
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482296
 CVE-2017-12955 (There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The ...)
 	- exiv2 <unfixed>
+	NOTE: https://github.com/Exiv2/exiv2/issues/58
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482295
 CVE-2017-12954 (The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig ...)
 	- libgig <unfixed> (bug #873718)
@@ -6078,6 +6081,8 @@
 	- exiv2 <unfixed> (low)
 	[stretch] - exiv2 <no-dsa> (Minor issue)
 	[jessie] - exiv2 <no-dsa> (Minor issue)
+	NOTE: http://dev.exiv2.org/issues/1307
+	NOTE: https://github.com/Exiv2/exiv2/issues/57
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1475124
 CVE-2017-11682 (Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 allows ...)
 	NOT-FOR-US: Hashtopussy
@@ -6415,11 +6420,13 @@
 	- exiv2 <unfixed> (low)
 	[stretch] - exiv2 <no-dsa> (Minor issue)
 	[jessie] - exiv2 <no-dsa> (Minor issue)
+	NOTE: https://github.com/Exiv2/exiv2/issues/56
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473889
 CVE-2017-11591 (There is a Floating point exception in the Exiv2::ValueType function in ...)
 	- exiv2 <unfixed> (low)
 	[stretch] - exiv2 <no-dsa> (Minor issue)
 	[jessie] - exiv2 <no-dsa> (Minor issue)
+	NOTE: https://github.com/Exiv2/exiv2/issues/55
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473888
 CVE-2017-11590 (There is a NULL pointer dereference in the caseless_hash function in ...)
 	{DLA-1054-1}
@@ -6540,6 +6547,7 @@
 	- exiv2 <unfixed> (low)
 	[stretch] - exiv2 <no-dsa> (Minor issue)
 	[jessie] - exiv2 <no-dsa> (Minor issue)
+	NOTE: https://github.com/Exiv2/exiv2/issues/54
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1471772
 CVE-2017-11552 (The mad_decoder_run function in decoder.c in libmad 0.15.1b allows ...)
 	- libmad <unfixed> (low; bug #870406)
@@ -7141,26 +7149,31 @@
 	- exiv2 <unfixed> (bug #868578)
 	[stretch] - exiv2 <no-dsa> (Minor issue)
 	[jessie] - exiv2 <no-dsa> (Minor issue)
+	NOTE: https://github.com/Exiv2/exiv2/issues/53
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470950
 CVE-2017-11339 (There is a heap-based buffer overflow in the Image::printIFDStructure ...)
 	- exiv2 <unfixed> (bug #868578)
 	[stretch] - exiv2 <no-dsa> (Minor issue)
 	[jessie] - exiv2 <no-dsa> (Minor issue)
+	NOTE: https://github.com/Exiv2/exiv2/issues/52
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470946
 CVE-2017-11338 (There is an infinite loop in the Exiv2::Image::printIFDStructure ...)
 	- exiv2 <unfixed> (bug #868578)
 	[stretch] - exiv2 <no-dsa> (Minor issue)
 	[jessie] - exiv2 <no-dsa> (Minor issue)
+	NOTE: https://github.com/Exiv2/exiv2/issues/51
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470913
 CVE-2017-11337 (There is an invalid free in the Action::TaskFactory::cleanup function ...)
 	- exiv2 <unfixed> (bug #868578)
 	[stretch] - exiv2 <no-dsa> (Minor issue)
 	[jessie] - exiv2 <no-dsa> (Minor issue)
+	NOTE: https://github.com/Exiv2/exiv2/issues/50
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470737
 CVE-2017-11336 (There is a heap-based buffer over-read in the Image::printIFDStructure ...)
 	- exiv2 <unfixed> (bug #868578)
 	[stretch] - exiv2 <no-dsa> (Minor issue)
 	[jessie] - exiv2 <no-dsa> (Minor issue)
+	NOTE: https://github.com/Exiv2/exiv2/issues/49
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470729
 CVE-2017-11335 (There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF ...)
 	- tiff 4.0.8-4 (bug #868513)


