[Secure-testing-commits] r53293 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Jul 8 20:34:11 UTC 2017


Author: carnil
Date: 2017-07-08 20:34:11 +0000 (Sat, 08 Jul 2017)
New Revision: 53293

Modified:
   data/CVE/list
Log:
Update status for CVE-2017-9953

Note for reviewers: I still would appreciate an indepented check of
another reviewer for this CVE.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-07-08 20:25:32 UTC (rev 53292)
+++ data/CVE/list	2017-07-08 20:34:11 UTC (rev 53293)
@@ -1266,12 +1266,11 @@
 	[wheezy] - binutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21670
 CVE-2017-9953 (There is an invalid free in Image::printIFDStructure that leads to a ...)
-	- exiv2 <unfixed>
+	- exiv2 <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1465061
 	NOTE: Possibly introduced after https://github.com/Exiv2/exiv2/commit/fd5e983746c336336039e91cb6b656cf8eeccdea
 	NOTE: which introduces printIFDStructure function and later restructurated
 	NOTE: again. Around that commit upstream source though does not build.
-	TODO: check, seems to be introduced after upstream commit fd5e983746c336336039e91cb6b656cf8eeccdea
 CVE-2017-9952
 	RESERVED
 CVE-2017-9951




More information about the Secure-testing-commits mailing list