[Secure-testing-commits] r57066 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Sat Oct 28 12:22:22 UTC 2017


Author: jmm
Date: 2017-10-28 12:22:22 +0000 (Sat, 28 Oct 2017)
New Revision: 57066

Modified:
   data/CVE/list
Log:
exiv2 bug


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-28 10:34:03 UTC (rev 57065)
+++ data/CVE/list	2017-10-28 12:22:22 UTC (rev 57066)
@@ -2761,11 +2761,10 @@
 	RESERVED
 	- restlet <itp> (bug #596472)
 CVE-2017-14866 (There is a heap-based buffer overflow in the Exiv2::s2Data function of ...)
-	[experimental] - exiv2 <unfixed>
+	[experimental] - exiv2 <unfixed> (bug #880015)
 	- exiv2 <not-affected> (Versions prior to 0.26 don't parse ICC profiles yet)
 	NOTE: https://github.com/Exiv2/exiv2/issues/140
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494781
-	TODO: file bug against version in experimental
 	NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
 	NOTE: Reproducible in experimental(0.26-1) with valgrind (and "free(): corrupted unsorted chunks" without valgrind).
 CVE-2017-14865 (There is a heap-based buffer overflow in the Exiv2::us2Data function of ...)
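Review bot: The log message "exiv2 bug" names neither the CVE nor the Debian bug, so the "(bug #880015)" added on the [experimental] line of CVE-2017-14866 cannot be found from the commit history alone; a log such as "CVE-2017-14866/exiv2: bug filed against experimental (#880015)" would make the change searchable. The trailing context shows only the header of CVE-2017-14865, another heap-based buffer overflow in exiv2, so it is worth checking whether that entry carries the same TODO and needs a bug reference too.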



