[Git][security-tracker-team/security-tracker][master] exiv2 fixed

Fri Jun 29 13:25:21 BST 2018

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6f74d9bb by Moritz Muehlenhoff at 2018-06-29T14:24:53+02:00
exiv2 fixed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1965,12 +1965,12 @@ CVE-2018-12266 (system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input
 	NOT-FOR-US: HongCMS
 CVE-2018-12265 (Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in ...)
 	{DLA-1402-1}
-	- exiv2 <unfixed> (bug #901706)
+	- exiv2 0.25-4 (bug #901706)
 	NOTE: https://github.com/Exiv2/exiv2/issues/365
 	NOTE: https://github.com/Exiv2/exiv2/commit/937a1a2bd067b8b3b787f3757089d972f3a39853
 CVE-2018-12264 (Exiv2 0.26 has integer overflows in LoaderTiff::getData() in ...)
 	{DLA-1402-1}
-	- exiv2 <unfixed> (bug #901707)
+	- exiv2 0.25-4 (bug #901707)
 	NOTE: https://github.com/Exiv2/exiv2/issues/366
 	NOTE: https://github.com/Exiv2/exiv2/commit/fe70939f54476e99046245ca69ff27012401f759
 CVE-2018-12263 (portfolioCMS 1.0.5 allows upload of arbitrary .php files via the ...)
@@ -3775,7 +3775,7 @@ CVE-2018-11532 (An issue was discovered in the ChangUonDyU Advanced Statistics p
 	NOT-FOR-US: MyBB plugin
 CVE-2018-11531 (Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. ...)
 	{DLA-1402-1}
-	- exiv2 <unfixed>
+	- exiv2 0.25-4
 	NOTE: https://github.com/Exiv2/exiv2/issues/283
 	NOTE: https://github.com/Exiv2/exiv2/commit/ed874703ad553338f973d537b8159d0eb4375cc4
 	NOTE: https://github.com/Exiv2/exiv2/commit/863aaebc92ff0b0ee3d302b7b5291002c043bc7b
@@ -5144,13 +5144,13 @@ CVE-2018-11000
 	RESERVED
 CVE-2018-10999 (An issue was discovered in Exiv2 0.26. The ...)
 	{DLA-1402-1}
-	- exiv2 <unfixed>
+	- exiv2 0.25-4
 	NOTE: https://github.com/Exiv2/exiv2/issues/306
 	NOTE: https://github.com/Exiv2/exiv2/commit/2fb00c8a16ce93756cddd70536e361a49369ba88
 	NOTE: https://github.com/Exiv2/exiv2/commit/3ad0050469e6ea63b4081f2a88c264ce8ab55c51
 CVE-2018-10998 (An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp ...)
 	{DLA-1402-1}
-	- exiv2 <unfixed>
+	- exiv2 0.25-4
 	NOTE: https://github.com/Exiv2/exiv2/issues/303
 	NOTE: https://github.com/Exiv2/exiv2/commit/f4e8ed2fd48d012467b99552f0d6378302a23c75
 CVE-2018-10997 (Etere EtereWeb before 28.1.20 has a pre-authentication blind SQL ...)
@@ -5256,7 +5256,7 @@ CVE-2018-10959
 	RESERVED
 CVE-2018-10958 (In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT ...)
 	{DLA-1402-1}
-	- exiv2 <unfixed>
+	- exiv2 0.25-4
 	NOTE: https://github.com/Exiv2/exiv2/issues/302
 	NOTE: https://github.com/Exiv2/exiv2/commit/2fb00c8a16ce93756cddd70536e361a49369ba88
 	NOTE: https://github.com/Exiv2/exiv2/commit/3ad0050469e6ea63b4081f2a88c264ce8ab55c51



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6f74d9bbc1b3141df4df389c1abd827eaf734cb6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6f74d9bbc1b3141df4df389c1abd827eaf734cb6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180629/adaf9432/attachment.html>
