[Secure-testing-commits] r56964 - data/CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Wed Oct 25 14:03:54 UTC 2017
Author: hertzog
Date: 2017-10-25 14:03:54 +0000 (Wed, 25 Oct 2017)
New Revision: 56964
Modified:
data/CVE/list
Log:
Add patch URL for exiv2 CVE and mark some as not-affected on wheezy
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-25 13:50:59 UTC (rev 56963)
+++ data/CVE/list 2017-10-25 14:03:54 UTC (rev 56964)
@@ -2577,6 +2577,7 @@
- restlet <itp> (bug #596472)
CVE-2017-14866 (There is a heap-based buffer overflow in the Exiv2::s2Data function of ...)
- exiv2 <unfixed>
+ [wheezy] - exiv2 <not-affected> (Vulnerable code not present)
NOTE: https://github.com/Exiv2/exiv2/issues/140
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494781
TODO: check
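Review bot: The "TODO: check" under CVE-2017-14866 stays in place after the new "[wheezy]" line, so the entry no longer says what is still unchecked. If wheezy is settled and the open work concerns the other releases, a NOTE naming them would keep the next triager from redoing the wheezy check.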
@@ -2584,8 +2585,10 @@
NOTE: Reproducible in experimental(0.26-1) with valgrind (and "free(): corrupted unsorted chunks" without valgrind).
CVE-2017-14865 (There is a heap-based buffer overflow in the Exiv2::us2Data function of ...)
- exiv2 <unfixed>
+ [wheezy] - exiv2 <not-affected> (Vulnerable code not present)
NOTE: https://github.com/Exiv2/exiv2/issues/134
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494778
+ NOTE: Patch: https://github.com/Exiv2/exiv2/commit/d3c2b9938583440f87ce9115de5a7e8cd8f8db57
TODO: check
NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
NOTE: Reproducible in experimental(0.26-1) with valgrind (and "free(): corrupted unsorted chunks" without valgrind).
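Review bot: In CVE-2017-14865 the existing NOTE reports the issue as unreproducible on wheezy/jessie/stretch/sid alike, yet only wheezy is tagged "<not-affected>". With the fixing commit now referenced, it would help to record whether the code that commit touches was looked for in the jessie and stretch sources, either as matching release tags or as a NOTE that those releases still need the check.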
@@ -2593,6 +2596,8 @@
- exiv2 <unfixed>
NOTE: https://github.com/Exiv2/exiv2/issues/73
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494467
+ NOTE: Patches here: https://github.com/Exiv2/exiv2/pull/110
+ NOTE: Depends on: https://github.com/Exiv2/exiv2/commit/65f45a350516bfde4941d7906f2d67462f48d1ca
TODO: check
NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
NOTE: Reproducible in experimental(0.26-1) with valgrind (and segfault without valgrind).
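Review bot: The added "Patches here:" line points at pull request 110 as a whole rather than at specific commits. The wording itself says "Patches", plural, so pinning the commit or commits that fix this entry, in the same form as the "Depends on:" line below it, would make the reference usable for a backport without reading the whole PR.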
@@ -2607,11 +2612,14 @@
- exiv2 <unfixed>
NOTE: https://github.com/Exiv2/exiv2/issues/75
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494786
+ NOTE: Patches here: https://github.com/Exiv2/exiv2/pull/110
+ NOTE: Depends on: https://github.com/Exiv2/exiv2/commit/65f45a350516bfde4941d7906f2d67462f48d1ca
TODO: check
NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
NOTE: Reproducible in experimental(0.26-1) with valgrind (and segfault without valgrind).
CVE-2017-14861 (There is a stack consumption vulnerability in the ...)
- exiv2 <unfixed>
+ [wheezy] - exiv2 <not-affected> (Vulnerable code not present)
NOTE: https://github.com/Exiv2/exiv2/issues/139
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494787
TODO: check
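Review bot: The first entry in this hunk gains the PR 110 references but no "[wheezy]" line, although its NOTE says "Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1)" and CVE-2017-14861 directly below is tagged. If wheezy was checked for that first entry and the vulnerable code is present there, a NOTE saying so would distinguish "checked, affected" from "not yet looked at".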
@@ -2619,8 +2627,10 @@
NOTE: Reproducible in experimental(0.26-1) with valgrind (and segfault without valgrind).
CVE-2017-14860 (There is a heap-based buffer over-read in the ...)
- exiv2 <unfixed>
+ [wheezy] - exiv2 <not-affected> (Vulnerable code not present)
NOTE: https://github.com/Exiv2/exiv2/issues/71
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494776
+ NOTE: Patch: https://github.com/Exiv2/exiv2/pull/108
TODO: check
NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
NOTE: Reproducible in experimental(0.26-1) with valgrind (and segfault without valgrind).
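Review bot: The "Patch:" label added to CVE-2017-14860 points at a pull request (pull/108), whereas the same label in CVE-2017-14865 points at a commit, and the other pull request references in this change use "Patches here:". One label per kind of target, or a commit URL here as well, would keep the NOTE lines consistent and easier to search.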
@@ -2628,6 +2638,8 @@
- exiv2 <unfixed>
NOTE: https://github.com/Exiv2/exiv2/issues/74
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494780
+ NOTE: Patches here: https://github.com/Exiv2/exiv2/pull/110
+ NOTE: Depends on: https://github.com/Exiv2/exiv2/commit/65f45a350516bfde4941d7906f2d67462f48d1ca
TODO: check
NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
NOTE: Reproducible in experimental(0.26-1).
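Review bot: The "Depends on:" line does not say what kind of dependency it records: whether the referenced commit must be applied before the PR 110 patches will apply, or whether the fix is incomplete without it. A few words on that would tell a backporter whether the commit is also required on the older releases.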
@@ -2640,6 +2652,7 @@
NOTE: Reproducible in experimental(0.26-1) with a different error (double free or corruption (out))
CVE-2017-14857 (In Exiv2 0.26, there is an invalid free in the Image class in image.cpp ...)
- exiv2 <unfixed>
+ [wheezy] - exiv2 <not-affected> (Vulnerable code not present)
NOTE: https://github.com/Exiv2/exiv2/issues/76
NOTE: https://github.com/Exiv2/exiv2/issues/124
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1495043
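Review bot: The "(Vulnerable code not present)" reason on the new "[wheezy]" line for CVE-2017-14857 is not backed by a NOTE saying what was compared. The description places the invalid free in the Image class in image.cpp as of Exiv2 0.26; a one-line NOTE naming which part of that code is missing from the wheezy source would let the finding be reused when the other releases are triaged.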