[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 5 commits: massive exiv2 triage (looong flight)
Moritz Muehlenhoff
jmm at debian.org
Tue Jan 30 12:44:07 UTC 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0ac5f8b9 by Moritz Muehlenhoff at 2018-01-30T13:40:24+01:00
massive exiv2 triage (looong flight)
- - - - -
f7300ff6 by Moritz Muehlenhoff at 2018-01-30T13:41:47+01:00
mupdf no-dsa
- - - - -
f175c663 by Moritz Muehlenhoff at 2018-01-30T13:42:22+01:00
libgd2 postponed
- - - - -
19f55008 by Moritz Muehlenhoff at 2018-01-30T13:42:57+01:00
python-werkzeug no-dsa
- - - - -
a7727eee by Moritz Muehlenhoff at 2018-01-30T13:43:41+01:00
ruby-http no-dsa
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -495,6 +495,8 @@ CVE-2018-6193 (A Cross-Site Scripting (XSS) vulnerability was found in Routers2
NOT-FOR-US: Routers2
CVE-2018-6192 (In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in ...)
- mupdf <unfixed> (bug #888487)
+ [stretch] - mupdf <no-dsa> (Minor issue)
+ [jessie] - mupdf <no-dsa> (Minor issue)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698916
CVE-2018-6191 (The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an ...)
NOT-FOR-US: MuJS
@@ -532,6 +534,8 @@ CVE-2018-6188
RESERVED
CVE-2018-6187 (In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow ...)
- mupdf <unfixed> (bug #888464)
+ [stretch] - mupdf <no-dsa> (Minor issue)
+ [jessie] - mupdf <no-dsa> (Minor issue)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698908
CVE-2018-6186
RESERVED
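Review bot: the stretch and jessie lines tag a heap-based buffer overflow in mupdf as `<no-dsa> (Minor issue)` without recording why it is considered minor; a NOTE line stating the basis (for example, crash-only with no control over the overflowed data, or only reachable via a malformed local file) would keep later triagers from re-evaluating it from scratch. The same applies to CVE-2018-6192 in the preceding hunk.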
@@ -1613,9 +1617,9 @@ CVE-2018-5776 (WordPress before 4.9.2 has XSS in the Flash fallback files in ...
NOTE: https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
NOTE: https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
CVE-2018-5772 (In Exiv2 0.26, there is a segmentation fault caused by uncontrolled ...)
- - exiv2 <undetermined>
+ [experimental] - exiv2 <unfixed>
+ - exiv2 <not-affected> (Vulnerable code introduced after 0.25)
NOTE: https://github.com/Exiv2/exiv2/issues/216
- TODO: check
CVE-2018-5771
RESERVED
CVE-2018-5770
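Review bot: the new `[experimental] - exiv2 <unfixed>` line for CVE-2018-5772 carries no severity, whereas most of the sibling exiv2 entries moved to experimental in this commit are tagged `(low)`; since this one is a segmentation fault rather than a heap overflow, confirm whether the omission is deliberate. Dropping `TODO: check` is justified here because the unstable line now states an explicit not-affected reason.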
@@ -1795,6 +1799,8 @@ CVE-2018-5711 (gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PH
NOTE: Fixed in 5.6.33, 7.0.27, 7.1.13, 7.2.1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=75571
- libgd2 <unfixed> (bug #887485)
+ [stretch] - libgd2 <postponed> (Minor issue, can be fixed along in a future update)
+ [jessie] - libgd2 <postponed> (Minor issue, can be fixed along in a future update)
NOTE: https://github.com/libgd/libgd/issues/420
NOTE: https://github.com/libgd/libgd/commit/a11f47475e6443b7f32d21f2271f28f417e2ac04
CVE-2018-5710 (An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The ...)
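Review bot: the rationale text `(Minor issue, can be fixed along in a future update)` on both libgd2 lines reads awkwardly; `can be fixed along with a future update` is the usual phrasing for `<postponed>` entries and is worth correcting before it gets copied into further entries.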
@@ -6250,9 +6256,9 @@ CVE-2017-18007
CVE-2017-18006 (netpub/server.np in Extensis Portfolio NetPublish has XSS in the ...)
NOT-FOR-US: Extensis Portfolio NetPublish
CVE-2017-18005 (Exiv2 0.26 has a Null Pointer Dereference in the ...)
- - exiv2 <unfixed> (bug #885981)
- [stretch] - exiv2 <no-dsa> (Minor issue)
- [jessie] - exiv2 <no-dsa> (Minor issue)
+ - exiv2 <unfixed> (low; bug #885981)
+ [stretch] - exiv2 <ignored> (Minor issue)
+ [jessie] - exiv2 <ignored> (Minor issue)
[wheezy] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/168
NOTE: Fixed via: https://github.com/Exiv2/exiv2/pull/199
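Review bot: the stretch and jessie tags change from `<no-dsa>` to `<ignored>` while the reason stays `(Minor issue)`; as `<ignored>` means the fix will not be shipped in that release at all, not merely not via a DSA, the reason should say why a backport is not worthwhile (the entry already links the upstream fix in pull/199), especially since the unstable line now gains `(low)` but remains `<unfixed>`. This commit applies the same no-dsa to ignored change across several exiv2 entries, so a single rationale recorded once would cover all of them.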
@@ -12319,6 +12325,8 @@ CVE-2017-17670 (In VideoLAN VLC media player through 2.2.8, there is a type conv
NOTE: POC: https://gist.github.com/dyntopia/194d912287656f66dd502158b0cd2e68
CVE-2017-17669 (There is a heap-based buffer over-read in the ...)
- exiv2 <unfixed> (bug #886006)
+ [stretch] - exiv2 <ignored> (Minor issue)
+ [jessie] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/187
CVE-2017-17668
RESERVED
@@ -17059,17 +17067,19 @@ CVE-2017-1000163 (The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 thro
NOT-FOR-US: Phoenix Framework
CVE-2017-1000128 (Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser ...)
- exiv2 <unfixed>
+ [stretch] - exiv2 <ignored> (Minor issue)
+ [jessie] - exiv2 <ignored> (Minor issue)
[wheezy] - exiv2 <not-affected> (Cannot reproduce with crash file)
NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1
NOTE: https://github.com/Exiv2/exiv2/issues/177
CVE-2017-1000127 (Exiv2 0.26 contains a heap buffer overflow in tiff parser ...)
- - exiv2 <unfixed>
- [wheezy] - exiv2 <not-affected> (Cannot reproduce with crash file)
+ [experimental] - exiv2 <unfixed> (low)
+ - exiv2 <not-affected> (Vulnerable code introduced after 0.25)
NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1
NOTE: https://github.com/Exiv2/exiv2/issues/176
CVE-2017-1000126 (exiv2 0.26 contains a Stack out of bounds read in webp parser ...)
- - exiv2 <unfixed>
- [wheezy] - exiv2 <not-affected> (Cannot reproduce with crash file)
+ [experimental] - exiv2 <unfixed> (low)
+ - exiv2 <not-affected> (WebP support introduced in 0.26)
NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1
NOTE: https://github.com/Exiv2/exiv2/issues/175
CVE-2017-16879 (Stack-based buffer overflow in the _nc_write_entry function in ...)
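Review bot: CVE-2017-1000128 keeps `- exiv2 <unfixed>` for unstable together with the retained `[wheezy] - exiv2 <not-affected> (Cannot reproduce with crash file)`, while its two siblings CVE-2017-1000127 and CVE-2017-1000126 are moved to experimental with unstable marked not-affected; if 0.25 really is affected by the JPEG2000 issue, a NOTE saying it was reproduced on 0.25-3.1 would make the different treatment clear. The specific reason `(WebP support introduced in 0.26)` on CVE-2017-1000126 is preferable to the generic wording and could be used as the model for the other entries.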
@@ -20505,6 +20515,7 @@ CVE-2017-15806 (The send function in the ezcMailMtaTransport class in Zeta Compo
CVE-2016-10516 (Cross-site scripting (XSS) vulnerability in the render_full function in ...)
{DLA-1191-1}
- python-werkzeug 0.11.11+dfsg1-1
+ [jessie] - python-werkzeug <no-dsa> (Minor issue)
NOTE: http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/
NOTE: https://github.com/pallets/werkzeug/pull/1001
NOTE: https://github.com/pallets/werkzeug/commit/1034edc7f901dd645ec6e462754111b39002bd65
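Review bot: the new `[jessie] - python-werkzeug <no-dsa> (Minor issue)` line sits next to `{DLA-1191-1}`, which shows the issue was judged worth fixing in wheezy LTS; a short reason for treating it as minor in jessie (the linked write-up places the XSS in the debugger's render_full path) would reconcile the two decisions.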
@@ -23373,40 +23384,40 @@ CVE-2017-14866 (There is a heap-based buffer overflow in the Exiv2::s2Data funct
NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
NOTE: Reproducible in experimental(0.26-1) with valgrind (and "free(): corrupted unsorted chunks" without valgrind).
CVE-2017-14865 (There is a heap-based buffer overflow in the Exiv2::us2Data function of ...)
- - exiv2 <unfixed>
- [wheezy] - exiv2 <not-affected> (Vulnerable code not present)
+ [experimental] - exiv2 <unfixed>
+ - exiv2 <not-affected> (Vulnerable code introduced after 0.25)
NOTE: https://github.com/Exiv2/exiv2/issues/134
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494778
NOTE: Patch: https://github.com/Exiv2/exiv2/commit/d3c2b9938583440f87ce9115de5a7e8cd8f8db57
- TODO: check
NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
NOTE: Reproducible in experimental(0.26-1) with valgrind (and "free(): corrupted unsorted chunks" without valgrind).
CVE-2017-14864 (An Invalid memory address dereference was discovered in Exiv2::getULong ...)
{DLA-1147-1}
- exiv2 <unfixed>
+ [stretch] - exiv2 <ignored> (Minor issue)
+ [jessie] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/73
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494467
NOTE: Patches here: https://github.com/Exiv2/exiv2/pull/110
NOTE: Depends on: https://github.com/Exiv2/exiv2/commit/65f45a350516bfde4941d7906f2d67462f48d1ca
- TODO: check
NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
NOTE: Reproducible in experimental(0.26-1) with valgrind (and segfault without valgrind).
CVE-2017-14863 (A NULL pointer dereference was discovered in ...)
- - exiv2 <unfixed>
- [wheezy] - exiv2 <not-affected> (Vulnerable code not present)
+ [experimental] - exiv2 <unfixed> (low)
+ - exiv2 <not-affected> (Vulnerable code introduced after 0.25)
NOTE: https://github.com/Exiv2/exiv2/issues/132
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494443
- TODO: check
NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
NOTE: Reproducible in experimental(0.26-1) with valgrind (and "free(): invalid next size (fast)" without valgrind).
CVE-2017-14862 (An Invalid memory address dereference was discovered in ...)
{DLA-1147-1}
- exiv2 <unfixed>
+ [stretch] - exiv2 <ignored> (Minor issue)
+ [jessie] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/75
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494786
NOTE: Patches here: https://github.com/Exiv2/exiv2/pull/110
NOTE: Depends on: https://github.com/Exiv2/exiv2/commit/65f45a350516bfde4941d7906f2d67462f48d1ca
- TODO: check
NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
NOTE: Reproducible in experimental(0.26-1) with valgrind (and segfault without valgrind).
CVE-2017-14861 (There is a stack consumption vulnerability in the ...)
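Review bot: within this hunk CVE-2017-14865 (heap-based buffer overflow) is moved to experimental without a severity, while CVE-2017-14863 (NULL pointer dereference) and the other experimental-only entries get `(low)`; if the missing tag reflects a higher rating for the overflow, say so, otherwise add `(low)` for consistency. The removed `TODO: check` lines are backed by the existing NOTEs stating the issues are unreproducible on 0.25-3.1 and reproducible on 0.26-1, which is the evidence the new `<not-affected>` lines rely on.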
@@ -23417,22 +23428,22 @@ CVE-2017-14861 (There is a stack consumption vulnerability in the ...)
NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
NOTE: Reproducible in experimental(0.26-1) with valgrind (and segfault without valgrind).
CVE-2017-14860 (There is a heap-based buffer over-read in the ...)
- - exiv2 <unfixed>
- [wheezy] - exiv2 <not-affected> (Vulnerable code not present)
+ [experimental] - exiv2 <unfixed> (low)
+ - exiv2 <not-affected> (Vulnerable code introduced after 0.25)
NOTE: https://github.com/Exiv2/exiv2/issues/71
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494776
NOTE: Patch: https://github.com/Exiv2/exiv2/pull/108
- TODO: check
NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
NOTE: Reproducible in experimental(0.26-1) with valgrind (and segfault without valgrind).
CVE-2017-14859 (An Invalid memory address dereference was discovered in ...)
{DLA-1147-1}
- exiv2 <unfixed>
+ [stretch] - exiv2 <ignored> (Minor issue)
+ [jessie] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/74
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494780
NOTE: Patches here: https://github.com/Exiv2/exiv2/pull/110
NOTE: Depends on: https://github.com/Exiv2/exiv2/commit/65f45a350516bfde4941d7906f2d67462f48d1ca
- TODO: check
NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
NOTE: Reproducible in experimental(0.26-1).
CVE-2017-14858 (There is a heap-based buffer overflow in the Exiv2::l2Data function of ...)
@@ -23444,12 +23455,11 @@ CVE-2017-14858 (There is a heap-based buffer overflow in the Exiv2::l2Data funct
NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
NOTE: Reproducible in experimental(0.26-1) with a different error (double free or corruption (out))
CVE-2017-14857 (In Exiv2 0.26, there is an invalid free in the Image class in image.cpp ...)
- - exiv2 <unfixed>
- [wheezy] - exiv2 <not-affected> (Vulnerable code not present)
+ [experimental] - exiv2 <unfixed> (low)
+ - exiv2 <not-affected> (Vulnerable code not present)
NOTE: https://github.com/Exiv2/exiv2/issues/76
NOTE: https://github.com/Exiv2/exiv2/issues/124
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1495043
- TODO: check
NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
NOTE: Reproducible in experimental(0.26-1).
CVE-2017-14856
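Review bot: the unstable line for CVE-2017-14857 uses `(Vulnerable code not present)` whereas every other exiv2 entry changed in this commit uses `(Vulnerable code introduced after 0.25)`; the two wordings mean the same thing here, so pick one for the whole series to keep the list greppable.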
@@ -28647,15 +28657,15 @@ CVE-2017-12957 (There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482423
NOTE: Experimental is affected, tracking as #876242
CVE-2017-12956 (There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() ...)
- - exiv2 <unfixed>
- [wheezy] - exiv2 <not-affected> (Vulnerable code not present)
+ [experimental] - exiv2 <unfixed> (low)
+ - exiv2 <not-affected> (Vulnerable code introduced after 0.25)
NOTE: https://github.com/Exiv2/exiv2/issues/59
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482296
NOTE: Not reproducible in wheezy/jessie/stretch/sid(0.25-3.1) => "The file contains data of an unknown image type"
NOTE: Reproducible in experimental (0.26-1).
CVE-2017-12955 (There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The ...)
- - exiv2 <unfixed>
- [wheezy] - exiv2 <not-affected> (Vulnerable code not present)
+ [experimental] - exiv2 <unfixed>
+ - exiv2 <not-affected> (Vulnerable code introduced after 0.25)
NOTE: https://github.com/Exiv2/exiv2/issues/58
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482295
NOTE: Not reproducible in wheezy/jessie/stretch/sid(0.25-3.1) => "The memory contains data of an unknown image type"
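Review bot: the context line for CVE-2017-12957 records `Experimental is affected, tracking as #876242`, but the new `[experimental] - exiv2 <unfixed>` lines for CVE-2017-12956 and CVE-2017-12955 carry no bug reference; if that bug covers the whole batch of 0.26 crashes, add `(bug #876242)` to these lines too, otherwise state which bug tracks them.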
@@ -32674,8 +32684,8 @@ CVE-2017-11684 (There is an illegal address access in the build_table function i
CVE-2017-11683 (There is a reachable assertion in the ...)
{DLA-1147-1}
- exiv2 <unfixed> (low)
- [stretch] - exiv2 <no-dsa> (Minor issue)
- [jessie] - exiv2 <no-dsa> (Minor issue)
+ [stretch] - exiv2 <ignored> (Minor issue)
+ [jessie] - exiv2 <ignored> (Minor issue)
NOTE: http://dev.exiv2.org/issues/1307
NOTE: https://github.com/Exiv2/exiv2/issues/57
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1475124
@@ -33040,8 +33050,8 @@ CVE-2017-11592 (There is a Mismatched Memory Management Routines vulnerability i
CVE-2017-11591 (There is a Floating point exception in the Exiv2::ValueType function in ...)
{DLA-1147-1}
- exiv2 <unfixed> (low; bug #876893)
- [stretch] - exiv2 <no-dsa> (Minor issue)
- [jessie] - exiv2 <no-dsa> (Minor issue)
+ [stretch] - exiv2 <ignored> (Minor issue)
+ [jessie] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/55
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473888
NOTE: Reproducible in wheezy/jessie/stretch/sid(0.25-3.1)/experimental(0.26-1).
@@ -33163,8 +33173,8 @@ CVE-2017-11554 (There is a stack consumption vulnerability in the lex function i
[stretch] - libsass <no-dsa> (Minor issue)
NOTE: https://github.com/sass/libsass/issues/2445
CVE-2017-11553 (There is an illegal address access in the extend_alias_table function ...)
- - exiv2 <unfixed> (low)
- [wheezy] - exiv2 <not-affected> (Not reproducible)
+ [experimental] - exiv2 <unfixed> (low)
+ - exiv2 <not-affected> (Vulnerable code introduced after 0.25)
NOTE: https://github.com/Exiv2/exiv2/issues/54
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1471772
NOTE: Not reproducible in wheezy/jessie/stretch.
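Review bot: the not-affected reason for CVE-2017-11553 changes from `(Not reproducible)` to `(Vulnerable code introduced after 0.25)`, which is a stronger claim than the NOTE below it supports (`Not reproducible in wheezy/jessie/stretch` is an observation, not a code-history check); a NOTE pointing at the upstream commit that introduced extend_alias_table or the affected path would back the new wording.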
@@ -33804,37 +33814,37 @@ CVE-2017-11341 (There is a heap based buffer over-read in lexer.hpp of LibSass 3
[stretch] - libsass <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470714
CVE-2017-11340 (There is a Segmentation fault in the XmpParser::terminate() function in ...)
- - exiv2 <unfixed> (bug #868578)
- [wheezy] - exiv2 <not-affected> (Not reproducible)
+ [experimental] - exiv2 <unfixed> (low; bug #868578)
+ - exiv2 <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/Exiv2/exiv2/issues/53
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470950
NOTE: Not reproducible in wheezy/jessie/stretch, I get "The file contains data of an unknown image type".
NOTE: Reproducible with 0.26-1 (experimental) although I get another error "free(): invalid next size (fast)".
CVE-2017-11339 (There is a heap-based buffer overflow in the Image::printIFDStructure ...)
- - exiv2 <unfixed> (bug #868578)
- [wheezy] - exiv2 <not-affected> (Vulnerable code not present)
+ [experimental] - exiv2 <unfixed> (bug #868578)
+ - exiv2 <not-affected> (Vulnerable code introduced after 0.25)
NOTE: https://github.com/Exiv2/exiv2/issues/52
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470946
NOTE: Not reproducible in wheezy/jessie/stretch, I get "The file contains data of an unknown image type".
NOTE: Reproducible with 0.26-1 (experimental) although I get another error "free(): invalid next size (fast)".
CVE-2017-11338 (There is an infinite loop in the Exiv2::Image::printIFDStructure ...)
- - exiv2 <unfixed> (bug #868578)
- [wheezy] - exiv2 <not-affected> (Vulnerable code not present)
+ [experimental] - exiv2 <unfixed> (low; bug #868578)
+ - exiv2 <not-affected> (Vulnerable code introduced after 0.25)
NOTE: https://github.com/Exiv2/exiv2/issues/51
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470913
NOTE: Not reproducible in wheezy/jessie/stretch, I get "No Exif data found in the file".
NOTE: Reproducible with 0.26-1 (experimental).
CVE-2017-11337 (There is an invalid free in the Action::TaskFactory::cleanup function ...)
- - exiv2 <unfixed> (bug #868578)
- [wheezy] - exiv2 <not-affected> (Not reproducible)
+ [experimental] - exiv2 <unfixed> (low; bug #868578)
+ - exiv2 <not-affected> (Vulnerable code introduced after 0.25)
NOTE: https://github.com/Exiv2/exiv2/issues/50
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470737
NOTE: Not reproducible in wheezy/jessie/stretch (even with valgrind), I get "No Exif data found in the file".
NOTE: Reproducible with 0.26-1 (experimental).
NOTE: Action::TaskFactory::cleanup function is the same in all versions, so the problem is likely an earlier memory corruption.
CVE-2017-11336 (There is a heap-based buffer over-read in the Image::printIFDStructure ...)
- - exiv2 <unfixed> (bug #868578)
- [wheezy] - exiv2 <not-affected> (Vulnerable code not present)
+ [experimental] - exiv2 <unfixed> (bug #868578)
+ - exiv2 <not-affected> (Vulnerable code introduced after 0.25)
NOTE: https://github.com/Exiv2/exiv2/issues/49
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470729
NOTE: Not reproducible in wheezy/jessie/stretch (even with valgrind).
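Review bot: the CVE-2017-11337 entry now says `(Vulnerable code introduced after 0.25)`, yet its own NOTE states that Action::TaskFactory::cleanup is the same in all versions and the crash is likely an earlier memory corruption, so the not-affected reason is an inference rather than an established fact and should be phrased as such (or the NOTE updated once the root cause is known). Minor: CVE-2017-11340 uses `(Vulnerable code introduced later)` while the rest of the hunk uses `introduced after 0.25`.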
@@ -40141,7 +40151,7 @@ CVE-2016-10375 (Yodl before 3.07.01 has a Buffer Over-read in the queue_push fun
CVE-2017-9239 (An issue was discovered in Exiv2 0.26. When the data structure of the ...)
{DLA-963-1}
- exiv2 0.25-3.1 (bug #863410)
- [jessie] - exiv2 <no-dsa> (Minor issue)
+ [jessie] - exiv2 <ignored> (Minor issue)
NOTE: http://dev.exiv2.org/issues/1296
NOTE: fix: https://github.com/Exiv2/exiv2/commit/2f8681e120d277e418941c4361c83b5028f67fd8
CVE-2017-9238
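Review bot: jessie moves from `<no-dsa>` to `<ignored>` for CVE-2017-9239 although the entry already records a specific upstream fix commit and the issue is fixed in 0.25-3.1; since `<ignored>` rules out a point-release fix, the reason should explain why the known fix is not worth backporting.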
@@ -117795,6 +117805,7 @@ CVE-2015-1829 (Unspecified vulnerability in the Oracle HTTP Server component in
NOT-FOR-US: Oracle Fusion Middleware
CVE-2015-1828 (The Ruby http gem before 0.7.3 does not verify hostnames in SSL ...)
- ruby-http 1.0.2-2
+ [jessie] - ruby-http <no-dsa> (Minor issue)
NOTE: http.rb failed to call the `#post_connection_check` method on SSL connections.
NOTE: This method implements hostname verification, and without it `http.rb` was
NOTE: vulnerable to MitM attacks. The problem was corrected by calling
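Review bot: `(Minor issue)` on the new jessie line is at odds with the NOTE immediately below, which describes missing hostname verification on SSL connections and resulting MitM exposure; if the no-dsa decision rests on how ruby-http is used in jessie, record that reason on the line so the tag does not read as a severity rating of the flaw itself.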
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/73225d9d933d27bf59bd6e1d581a74e09afe0609...a7727eee0bc5a2b8d322128cdce8453463810dfb