[Secure-testing-commits] r56323 - data/CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Sun Oct 1 18:51:21 UTC 2017
Author: hertzog
Date: 2017-10-01 18:51:21 +0000 (Sun, 01 Oct 2017)
New Revision: 56323
Modified:
data/CVE/list
Log:
Add some reproducibility results on some exiv CVE
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-01 17:35:44 UTC (rev 56322)
+++ data/CVE/list 2017-10-01 18:51:21 UTC (rev 56323)
@@ -272,14 +272,20 @@
- exiv2 <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494780
TODO: check, asked reporter to contact upstream
+ NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
+ NOTE: Reproducible in experimental(0.26-1).
CVE-2017-14858 (There is a heap-based buffer overflow in the Exiv2::l2Data function of ...)
- exiv2 <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494782
TODO: check, asked reporter to contact upstream
+ NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
+ NOTE: Reproducible in experimental(0.26-1) with a different error (double free or corruption (out))
CVE-2017-14857 (In Exiv2 0.26, there is an invalid free in the Image class in image.cpp ...)
- exiv2 <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1495043
TODO: check, asked reporter to contact upstream
+ NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
+ NOTE: Reproducible in experimental(0.26-1).
CVE-2017-14856
RESERVED
CVE-2017-14855
More information about the Secure-testing-commits
mailing list