[Secure-testing-commits] r57813 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Nov 19 08:12:11 UTC 2017
Author: carnil
Date: 2017-11-19 08:12:11 +0000 (Sun, 19 Nov 2017)
New Revision: 57813
Modified:
data/CVE/list
Log:
Remove reference to issues/1248 for exiv2
Reason: http://www.openwall.com/lists/oss-security/2017/06/30/1 . The
three assigned CVEs are different issues. Hanno Boeck stated in the
oss-security post:
> I have not reported thoses issues upstream. When I previously tried to
> report bugs in exiv2 found via fuzzing the upstream author made it
> clear to me that he has little interest in fixing those issues and
> doesn't consider his software suitable to parse defect files (which
> basically means it's unsuitable for untrusted input). The discussion
> can be read here [1]. (the page is sometimes not available, searching
> for it in the google cache usually works though)
> [...]
> [1] http://dev.exiv2.org/issues/1248
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-19 08:11:51 UTC (rev 57812)
+++ data/CVE/list 2017-11-19 08:12:11 UTC (rev 57813)
@@ -33,7 +33,6 @@
CVE-2017-1000126 (exiv2 0.26 contains a Stack out of bounds read in webp parser ...)
- exiv2 <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1
- NOTE: http://dev.exiv2.org/issues/1248
NOTE: Can't seem to reproduce this in wheezy.
CVE-2017-16879
RESERVED
More information about the Secure-testing-commits
mailing list