[Git][security-tracker-team/security-tracker][master] exiv2/CVE-2018-16336 change undetermined -> unfixed; reproduced on jessie and…
Roberto C. Sánchez
roberto at debian.org
Thu Oct 11 05:11:14 BST 2018
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker
Commits:
16e32bce by Roberto C. Sánchez at 2018-10-11T04:10:18Z
exiv2/CVE-2018-16336 change undetermined -> unfixed; reproduced on jessie and affected code in stretch is identical
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4398,9 +4398,10 @@ CVE-2018-16338 (An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerab
CVE-2018-16337 (An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability ...)
NOT-FOR-US: Cscms
CVE-2018-16336 (Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote ...)
- - exiv2 <undetermined>
+ - exiv2 <unfixed>
NOTE: https://github.com/Exiv2/exiv2/issues/400
NOTE: https://github.com/Exiv2/exiv2/commit/35b3e596edacd2437c2c5d3dd2b5c9502626163d
+ NOTE: reproduced with ASAN build (on jessie) and POC file provided in GitHub issue
CVE-2018-16335 (newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c ...)
- tiff <unfixed> (bug #907795)
[stretch] - tiff <postponed> (Can be fixed along in future DSA)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/16e32bce9234c363f773bdc13567c8e3a96a5a3b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/16e32bce9234c363f773bdc13567c8e3a96a5a3b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181011/07a00d06/attachment.html>
More information about the debian-security-tracker-commits
mailing list