[Secure-testing-commits] r57083 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Oct 28 15:50:37 UTC 2017
Author: carnil
Date: 2017-10-28 15:50:37 +0000 (Sat, 28 Oct 2017)
New Revision: 57083
Modified:
data/CVE/list
Log:
Reported another bug for exiv2 in experimental
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-28 15:44:18 UTC (rev 57082)
+++ data/CVE/list 2017-10-28 15:50:37 UTC (rev 57083)
@@ -2823,11 +2823,10 @@
NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
NOTE: Reproducible in experimental(0.26-1) with valgrind (and segfault without valgrind).
CVE-2017-14861 (There is a stack consumption vulnerability in the ...)
- [experimental] - exiv2 <unfixed>
+ [experimental] - exiv2 <unfixed> (bug #880027)
- exiv2 <not-affected> (printIFDStructure introduced in 0.26)
NOTE: https://github.com/Exiv2/exiv2/issues/139
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494787
- TODO: report against experimental version
NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
NOTE: Reproducible in experimental(0.26-1) with valgrind (and segfault without valgrind).
CVE-2017-14860 (There is a heap-based buffer over-read in the ...)
More information about the Secure-testing-commits
mailing list