[Secure-testing-commits] r55917 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed Sep 20 04:18:48 UTC 2017


Author: carnil
Date: 2017-09-20 04:18:48 +0000 (Wed, 20 Sep 2017)
New Revision: 55917

Modified:
   data/CVE/list
Log:
Update CVE-2017-12957

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-20 04:17:13 UTC (rev 55916)
+++ data/CVE/list	2017-09-20 04:18:48 UTC (rev 55917)
@@ -4128,14 +4128,10 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482429
 	NOTE: Crash in CLI tool, no security impact
 CVE-2017-12957 (There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that ...)
-	- exiv2 <unfixed>
-	[stretch] - exiv2 <not-affected> (Incorrect memory allocation introduced in 0.26)
-	[jessie] - exiv2 <not-affected> (Incorrect memory allocation introduced in 0.26)
-	[wheezy] - exiv2 <not-affected> (Incorrect memory allocation introduced in 0.26)
+	- exiv2 <not-affected> (Incorrect memory allocation introduced in 0.26)
 	NOTE: https://github.com/Exiv2/exiv2/issues/60
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482423
-	NOTE: Experimental is affected, unstable is not, strictly speaking this could all
-	NOTE: be marked <not-affected>, but keeping it marked <unfixed> to ensure we track the fix
+	NOTE: Experimental is affected, tracking as #876242
 CVE-2017-12956 (There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() ...)
 	- exiv2 <unfixed>
 	[wheezy] - exiv2 <not-affected> (Vulnerable code not present)
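Review bot: the added NOTE at the end of the CVE-2017-12957 entry cites "#876242" without naming the tracker it belongs to, while the other NOTE lines in this entry give full URLs; writing the reference as a full bug URL would keep it resolvable for anyone reading the list on its own. With the package line now reading `- exiv2 <not-affected>`, that NOTE is also the only place that records experimental as affected, so the tracking that the removed `<unfixed>` marking provided now depends entirely on this bug reference staying in the entry.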



