[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] new exiv2 issues

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f8c2afcb by Moritz Muehlenhoff at 2018-03-26T23:06:24+02:00
new exiv2 issues
netpbm n/a

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -91,11 +91,15 @@ CVE-2018-8979 (Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifyin
 CVE-2018-8978 (Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an ...)
 	NOT-FOR-US: Open-AudIT Professional
 CVE-2018-8977 (In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in ...)
-	TODO: check
+	[experimental] - exiv2 <unfixed>
+	- exiv2 <not-affected> (Vulnerable code introduced after 0.25)
+	NOTE: https://github.com/Exiv2/exiv2/issues/247
 CVE-2018-8976 (In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial ...)
-	TODO: check
+	- exiv2 <undetermined>
+	NOTE: https://github.com/Exiv2/exiv2/issues/246
 CVE-2018-8975 (The pm_mallocarray2 function in lib/util/mallocvar.c in Netpbm through ...)
-	TODO: check
+	- netpbm-free <not-affected> (Vulnerable code not present)
+	NOTE: Debian uses an unaffected fork
 CVE-2018-8974
 	RESERVED
 CVE-2018-8973 (OTCMS 3.20 allows XSS by adding a keyword or link to an article, as ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f8c2afcbd231620c26f29f51d0b39405afc0f910

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f8c2afcbd231620c26f29f51d0b39405afc0f910
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180326/bf60239f/attachment.html>