[Secure-testing-commits] r55909 - data/CVE

Tue Sep 19 21:14:08 UTC 2017

Author: jmm
Date: 2017-09-19 21:14:08 +0000 (Tue, 19 Sep 2017)
New Revision: 55909

Modified:
   data/CVE/list
Log:
one libexiv entry confirmed, revert the rest. <not-affected> must only
 be used based on code analysis, not by running some reproducer, code
 path in older releases might be entirely different



Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-09-19 21:10:15 UTC (rev 55908)
+++ data/CVE/list	2017-09-19 21:14:08 UTC (rev 55909)
@@ -4128,17 +4128,15 @@
 	NOTE: Crash in CLI tool, no security impact
 CVE-2017-12957 (There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that ...)
 	- exiv2 <unfixed>
-	[stretch] - exiv2 <not-affected> (Vulnerable code not present)
-	[jessie] - exiv2 <not-affected> (Vulnerable code not present)
-	[wheezy] - exiv2 <not-affected> (Vulnerable code not present)
+	[stretch] - exiv2 <not-affected> (Incorrect memory allocation introduced in 0.26)
+	[jessie] - exiv2 <not-affected> (Incorrect memory allocation introduced in 0.26)
+	[wheezy] - exiv2 <not-affected> (Incorrect memory allocation introduced in 0.26)
 	NOTE: https://github.com/Exiv2/exiv2/issues/60
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482423
-	NOTE: Not reproducible in wheezy/jessie/stretch/sid(0.25-3.1) => "The file contains data of an unknown image type"
-	NOTE: Reproducible in experimental (0.26-1).
+	NOTE: Experimental is affected, unstable is not, strictly speaking this could all
+	NOTE: be marked <not-affected>, but keeping it marked <unfixed> to ensure we track the fix
 CVE-2017-12956 (There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() ...)
 	- exiv2 <unfixed>
-	[stretch] - exiv2 <not-affected> (Vulnerable code not present)
-	[jessie] - exiv2 <not-affected> (Vulnerable code not present)
 	[wheezy] - exiv2 <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/Exiv2/exiv2/issues/59
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482296
@@ -4146,8 +4144,6 @@
 	NOTE: Reproducible in experimental (0.26-1).
 CVE-2017-12955 (There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The ...)
 	- exiv2 <unfixed>
-	[stretch] - exiv2 <not-affected> (Vulnerable code not present)
-	[jessie] - exiv2 <not-affected> (Vulnerable code not present)
 	[wheezy] - exiv2 <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/Exiv2/exiv2/issues/58
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482295
@@ -8246,8 +8242,6 @@
 	NOT-FOR-US: Chrome extension Markdown Preview Plus
 CVE-2017-11592 (There is a Mismatched Memory Management Routines vulnerability in the ...)
 	- exiv2 <unfixed> (low)
-	[stretch] - exiv2 <not-affected> (Vulnerable code not present)
-	[jessie] - exiv2 <not-affected> (Vulnerable code not present)
 	[wheezy] - exiv2 <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/Exiv2/exiv2/issues/56
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473889
@@ -8377,8 +8371,6 @@
 	NOTE: https://github.com/sass/libsass/issues/2445
 CVE-2017-11553 (There is an illegal address access in the extend_alias_table function ...)
 	- exiv2 <unfixed> (low)
-	[stretch] - exiv2 <not-affected> (Not reproducible)
-	[jessie] - exiv2 <not-affected> (Not reproducible)
 	[wheezy] - exiv2 <not-affected> (Not reproducible)
 	NOTE: https://github.com/Exiv2/exiv2/issues/54
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1471772
@@ -8998,8 +8990,6 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470714
 CVE-2017-11340 (There is a Segmentation fault in the XmpParser::terminate() function in ...)
 	- exiv2 <unfixed> (bug #868578)
-	[stretch] - exiv2 <not-affected> (Not reproducible)
-	[jessie] - exiv2 <not-affected> (Not reproducible)
 	[wheezy] - exiv2 <not-affected> (Not reproducible)
 	NOTE: https://github.com/Exiv2/exiv2/issues/53
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470950
@@ -9007,8 +8997,6 @@
 	NOTE: Reproducible with 0.26-1 (experimental) although I get another error "free(): invalid next size (fast)".
 CVE-2017-11339 (There is a heap-based buffer overflow in the Image::printIFDStructure ...)
 	- exiv2 <unfixed> (bug #868578)
-	[stretch] - exiv2 <not-affected> (Vulnerable code not present)
-	[jessie] - exiv2 <not-affected> (Vulnerable code not present)
 	[wheezy] - exiv2 <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/Exiv2/exiv2/issues/52
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470946
@@ -9016,8 +9004,6 @@
 	NOTE: Reproducible with 0.26-1 (experimental) although I get another error "free(): invalid next size (fast)".
 CVE-2017-11338 (There is an infinite loop in the Exiv2::Image::printIFDStructure ...)
 	- exiv2 <unfixed> (bug #868578)
-	[stretch] - exiv2 <not-affected> (Vulnerable code not present)
-	[jessie] - exiv2 <not-affected> (Vulnerable code not present)
 	[wheezy] - exiv2 <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/Exiv2/exiv2/issues/51
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470913
@@ -9025,8 +9011,6 @@
 	NOTE: Reproducible with 0.26-1 (experimental).
 CVE-2017-11337 (There is an invalid free in the Action::TaskFactory::cleanup function ...)
 	- exiv2 <unfixed> (bug #868578)
-	[stretch] - exiv2 <not-affected> (Not reproducible)
-	[jessie] - exiv2 <not-affected> (Not reproducible)
 	[wheezy] - exiv2 <not-affected> (Not reproducible)
 	NOTE: https://github.com/Exiv2/exiv2/issues/50
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470737
@@ -9035,8 +9019,6 @@
 	NOTE: Action::TaskFactory::cleanup function is the same in all versions, so the problem is likely an earlier memory corruption.
 CVE-2017-11336 (There is a heap-based buffer over-read in the Image::printIFDStructure ...)
 	- exiv2 <unfixed> (bug #868578)
-	[stretch] - exiv2 <not-affected> (Vulnerable code not present)
-	[jessie] - exiv2 <not-affected> (Vulnerable code not present)
 	[wheezy] - exiv2 <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/Exiv2/exiv2/issues/49
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470729


