[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] LTS: annotate CVE-2018-4868/exiv2 does not affect wheezy
Roberto C. Sánchez
roberto at debian.org
Thu Jan 11 03:45:56 UTC 2018
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3f55e61a by Roberto C. Sánchez at 2018-01-10T22:45:23-05:00
LTS: annotate CVE-2018-4868/exiv2 does not affect wheezy
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1011,6 +1011,7 @@ CVE-2018-4868 (The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exi
- exiv2 <unfixed>
[stretch] - exiv2 <no-dsa> (Minor issue)
[jessie] - exiv2 <no-dsa> (Minor issue)
+ [wheezy] - exiv2 <not-affected> (Reproducer does not cause failure; vulnerable code not present)
NOTE: https://github.com/Exiv2/exiv2/issues/202
CVE-2017-1000500 (Keycloak SSO versions prior to 2.x are vulnerable to Host Header ...)
NOT-FOR-US: Keycloak
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3f55e61a695b8d87ddc232438e3cfff3515a0e51
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3f55e61a695b8d87ddc232438e3cfff3515a0e51
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180111/f6fc9f42/attachment.html>
More information about the Secure-testing-commits
mailing list