[Git][security-tracker-team/security-tracker][master] 3 commits: Update tracking information for CVE-2017-11553/exiv2

Salvatore Bonaccorso carnil at debian.org
Sun Feb 2 13:17:38 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
07471640 by Salvatore Bonaccorso at 2020-02-02T14:13:30+01:00
Update tracking information for CVE-2017-11553/exiv2

- - - - -
5c3e1b73 by Salvatore Bonaccorso at 2020-02-02T14:14:01+01:00
Update tracking information for CVE-2017-11592/exiv2

- - - - -
0feb4b82 by Salvatore Bonaccorso at 2020-02-02T14:16:57+01:00
Add fixed version via unstable for CVE-2017-11591/exiv2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -147511,15 +147511,12 @@ CVE-2017-11594 (Cross-site scripting (XSS) vulnerability in the Markdown parser
 CVE-2017-11593 (Cross-site scripting (XSS) vulnerability in the Markdown Preview Plus  ...)
 	NOT-FOR-US: Chrome extension Markdown Preview Plus
 CVE-2017-11592 (There is a Mismatched Memory Management Routines vulnerability in the  ...)
-	[experimental] - exiv2 <unfixed> (bug #895568)
-	- exiv2 <not-affected> (printTiffStructure introduced in 0.26)
+	- exiv2 <not-affected> (printTiffStructure introduced in 0.26; only affected experimental; bug #895568)
 	NOTE: https://github.com/Exiv2/exiv2/issues/56
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473889
-	NOTE: Not reproducible in wheezy/jessie/stretch/sid(0.25-3.1).
-	NOTE: Reproducible in experimental with version 0.26-1.
 CVE-2017-11591 (There is a Floating point exception in the Exiv2::ValueType function i ...)
 	{DLA-1147-1}
-	- exiv2 <unfixed> (low; bug #876893)
+	- exiv2 0.27.2-6 (low; bug #876893)
 	[buster] - exiv2 <ignored> (Minor issue)
 	[stretch] - exiv2 <ignored> (Minor issue)
 	[jessie] - exiv2 <ignored> (Minor issue)
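Review bot: In the CVE-2017-11592 entry, the merged line "- exiv2 <not-affected> (printTiffStructure introduced in 0.26; only affected experimental; bug #895568)" explains why versions up to 0.25 are unaffected, but the CVE-2017-11591 change further down in this same hunk records exiv2 0.27.2-6 as the fixed version via unstable, so unstable now carries a version later than 0.26 and the entry no longer says why that version is not affected. Suggest keeping a NOTE that names the upstream fix or the first fixed version, and retaining the tested version 0.26-1 from the removed NOTE lines so the experimental-only claim stays checkable.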
@@ -147643,12 +147640,9 @@ CVE-2017-11554 (There is a stack consumption vulnerability in the lex function i
 	NOTE: https://github.com/sass/libsass/issues/2445
 	NOTE: https://github.com/sass/libsass/commit/7664114543757e932f5b1a2ff5295aa9b34f8623
 CVE-2017-11553 (There is an illegal address access in the extend_alias_table function  ...)
-	[experimental] - exiv2 <unfixed> (low; bug #888874)
-	- exiv2 <not-affected> (Vulnerable code introduced after 0.25)
+	- exiv2 <not-affected> (Vulnerable code introduced after 0.25; only present in experimental; bug #888874)
 	NOTE: https://github.com/Exiv2/exiv2/issues/54
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1471772
-	NOTE: Not reproducible in wheezy/jessie/stretch.
-	NOTE: Reproducible with 0.26-1 (experimental).
 CVE-2017-11552 (mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use wit ...)
 	- mpg321 0.3.2-2 (bug #870406)
 	[stretch] - mpg321 <no-dsa> (Minor issue)
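Review bot: For CVE-2017-11553, the two removed NOTE lines were the only record of what was actually tested (not reproducible in wheezy/jessie/stretch, reproducible with 0.26-1), and the replacement parenthetical keeps only "Vulnerable code introduced after 0.25; only present in experimental". Suggest carrying the version into the line, for example "only present in experimental 0.26-1", so a later reader can tell which upload the <not-affected> judgement was based on. The "low" urgency from the removed [experimental] line is also dropped; if that is intentional because the entry is now <not-affected>, it is fine as is, otherwise keep it.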



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/1538f2bf07e2ed3011360ac5a1fe79cbd51a2a59...0feb4b8240e9ed7c375eed193a6addef4f0931c4
