[Git][security-tracker-team/security-tracker][master] Track source package for three new exiv2 issues

Salvatore Bonaccorso carnil at debian.org
Mon Sep 24 06:24:05 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fac07959 by Salvatore Bonaccorso at 2018-09-24T05:23:08Z
Track source package for three new exiv2 issues

Keep undetermined for now as proper evaluation is still outstanding. But
it is clear already that it is associated with src:exiv2.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -45,7 +45,8 @@ CVE-2018-17284
 CVE-2018-17283 (Zoho ManageEngine OpManager before 12.3 Build 123196 does not require ...)
 	NOT-FOR-US: Zoho ManageEngine OpManager
 CVE-2018-17282 (An issue was discovered in Exiv2 v0.26. The function ...)
-	TODO: check
+	- exiv2 <undetermined>
+	NOTE: https://github.com/Exiv2/exiv2/issues/457
 CVE-2018-17407 [writet1 protection against buffer overflow]
 	- texlive-bin 2018.20180907.48586-2 (bug #909317)
 	NOTE: Fixed by: https://github.com/TeX-Live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c
@@ -166,9 +167,11 @@ CVE-2018-17231 (** DISPUTED ** Telegram Desktop (aka tdesktop) 1.3.14 might allo
 	- telegram-desktop <unfixed> (unimportant)
 	NOTE: Disputed as attack scenario does not cross a privilege boundary.
 CVE-2018-17230 (Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to ...)
-	TODO: check
+	- exiv2 <undetermined>
+	NOTE: https://github.com/Exiv2/exiv2/issues/455
 CVE-2018-17229 (Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to ...)
-	TODO: check
+	- exiv2 <undetermined>
+	NOTE: https://github.com/Exiv2/exiv2/issues/453
 CVE-2018-17228 (nmap4j 1.1.0 allows attackers to execute arbitrary commands via shell ...)
 	NOT-FOR-US: nmap4j
 CVE-2018-17227



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fac079596d3bb3ddca9f2df88e4a8a8201c3e811

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fac079596d3bb3ddca9f2df88e4a8a8201c3e811
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180924/bb59244b/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list