[Secure-testing-commits] r56221 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Sep 28 12:00:34 UTC 2017
Author: carnil
Date: 2017-09-28 12:00:34 +0000 (Thu, 28 Sep 2017)
New Revision: 56221
Modified:
data/CVE/list
Log:
Add new exiv2 issues, asked reporter to please contact upstream
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-28 11:40:54 UTC (rev 56220)
+++ data/CVE/list 2017-09-28 12:00:34 UTC (rev 56221)
@@ -1,23 +1,43 @@
CVE-2017-14866 (There is a heap-based buffer overflow in the Exiv2::s2Data function of ...)
- TODO: check
+ - exiv2 <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494781
+ TODO: check, asked reporter to contact upstream
CVE-2017-14865 (There is a heap-based buffer overflow in the Exiv2::us2Data function of ...)
- TODO: check
+ - exiv2 <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494778
+ TODO: check, asked reporter to contact upstream
CVE-2017-14864 (An Invalid memory address dereference was discovered in Exiv2::getULong ...)
- TODO: check
+ - exiv2 <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494467
+ TODO: check, asked reporter to contact upstream
CVE-2017-14863 (A NULL pointer dereference was discovered in ...)
- TODO: check
+ - exiv2 <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494443
+ TODO: check, asked reporter to contact upstream
CVE-2017-14862 (An Invalid memory address dereference was discovered in ...)
- TODO: check
+ - exiv2 <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494786
+ TODO: check, asked reporter to contact upstream
CVE-2017-14861 (There is a stack consumption vulnerability in the ...)
- TODO: check
+ - exiv2 <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494787
+ TODO: check, asked reporter to contact upstream
CVE-2017-14860 (There is a heap-based buffer over-read in the ...)
- TODO: check
+ - exiv2 <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494776
+ TODO: check, asked reporter to contact upstream
CVE-2017-14859 (An Invalid memory address dereference was discovered in ...)
- TODO: check
+ - exiv2 <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494780
+ TODO: check, asked reporter to contact upstream
CVE-2017-14858 (There is a heap-based buffer overflow in the Exiv2::l2Data function of ...)
- TODO: check
+ - exiv2 <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494782
+ TODO: check, asked reporter to contact upstream
CVE-2017-14857 (In Exiv2 0.26, there is an invalid free in the Image class in image.cpp ...)
- TODO: check
+ - exiv2 <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1495043
+ TODO: check, asked reporter to contact upstream
CVE-2017-14856
RESERVED
CVE-2017-14855
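Review bot: Each of the ten added blocks, CVE-2017-14866 through CVE-2017-14857, sets `- exiv2 <unfixed>` but also keeps a `TODO: check, asked reporter to contact upstream` line, so every entry carries both a package status and an open triage marker. If the status is settled, the outstanding action would fit better in a NOTE; if it is not, the TODO should say what remains to be checked. The only reference per entry is a Red Hat Bugzilla URL, so a follow-up should add the upstream report once the reporter has filed one. None of the added lines records which versions are affected; only the description of CVE-2017-14857 mentions Exiv2 0.26, so it is worth noting per entry once that has been checked.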