[Secure-testing-commits] r53293 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Jul 8 20:34:11 UTC 2017
Author: carnil
Date: 2017-07-08 20:34:11 +0000 (Sat, 08 Jul 2017)
New Revision: 53293
Modified:
data/CVE/list
Log:
Update status for CVE-2017-9953
Note for reviewers: I still would appreciate an indepented check of
another reviewer for this CVE.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-08 20:25:32 UTC (rev 53292)
+++ data/CVE/list 2017-07-08 20:34:11 UTC (rev 53293)
@@ -1266,12 +1266,11 @@
[wheezy] - binutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21670
CVE-2017-9953 (There is an invalid free in Image::printIFDStructure that leads to a ...)
- - exiv2 <unfixed>
+ - exiv2 <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1465061
NOTE: Possibly introduced after https://github.com/Exiv2/exiv2/commit/fd5e983746c336336039e91cb6b656cf8eeccdea
NOTE: which introduces printIFDStructure function and later restructurated
NOTE: again. Around that commit upstream source though does not build.
- TODO: check, seems to be introduced after upstream commit fd5e983746c336336039e91cb6b656cf8eeccdea
CVE-2017-9952
RESERVED
CVE-2017-9951
More information about the Secure-testing-commits
mailing list