[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2017-17669/exiv2 fixed in unstable

Salvatore Bonaccorso carnil at debian.org
Sun Feb 2 13:25:57 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3434fee3 by Salvatore Bonaccorso at 2020-02-02T14:23:24+01:00
CVE-2017-17669/exiv2 fixed in unstable

- - - - -
12a03f77 by Salvatore Bonaccorso at 2020-02-02T14:24:25+01:00
CVE-2017-18005/exiv2 fixed in unstable

- - - - -
9a37f99e by Salvatore Bonaccorso at 2020-02-02T14:25:15+01:00
Track fixed version for CVE-2018-19107/exiv2 in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -77223,7 +77223,7 @@ CVE-2018-19108 (In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in
 	NOTE: https://github.com/Exiv2/exiv2/commit/b7c71f3ad0386cd7af3b73443c0615ada073f0d5
 CVE-2018-19107 (In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdi ...)
 	{DLA-1691-1}
-	- exiv2 <unfixed> (bug #913273)
+	- exiv2 0.27.2-6 (bug #913273)
 	[buster] - exiv2 <ignored> (Minor issue)
 	[stretch] - exiv2 <ignored> (Minor issue)
 	NOTE: https://github.com/Exiv2/exiv2/issues/427
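
Review bot: the new `- exiv2 0.27.2-6 (bug #913273)` line has no supporting reference in the visible entry. The only NOTE shown for CVE-2018-19107 points at the upstream issue (#427), while the neighbouring CVE-2018-19108 entry carries a NOTE with the fixing upstream commit. Consider adding a NOTE naming the upstream fix commit or the first fixed upstream release, so the 0.27.2-6 claim can be checked against it later.
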
@@ -119170,7 +119170,7 @@ CVE-2017-18007
 CVE-2017-18006 (netpub/server.np in Extensis Portfolio NetPublish has XSS in the quick ...)
 	NOT-FOR-US: Extensis Portfolio NetPublish
 CVE-2017-18005 (Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toL ...)
-	- exiv2 <unfixed> (low; bug #885981)
+	- exiv2 0.27.2-6 (low; bug #885981)
 	[buster] - exiv2 <ignored> (Minor issue)
 	[stretch] - exiv2 <ignored> (Minor issue)
 	[jessie] - exiv2 <ignored> (Minor issue)
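
Review bot: on the `- exiv2 0.27.2-6 (low; bug #885981)` line, please confirm that 0.27.2-6 is the first upload to unstable that contains the fix, not just the version currently in the archive. All three entries touched by this push, covering CVEs from 2017 and 2018, get the same Debian revision, and nothing in the hunk says whether the fix came with upstream 0.27.2 or with a patch added in the -6 revision. A short NOTE stating which would settle it.
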
@@ -125811,7 +125811,7 @@ CVE-2017-17670 (In VideoLAN VLC media player through 2.2.8, there is a type conv
 	NOTE: http://www.openwall.com/lists/oss-security/2017/12/15/1
 	NOTE: POC: https://gist.github.com/dyntopia/194d912287656f66dd502158b0cd2e68
 CVE-2017-17669 (There is a heap-based buffer over-read in the Exiv2::Internal::PngChun ...)
-	- exiv2 <unfixed> (bug #886006)
+	- exiv2 0.27.2-6 (bug #886006)
 	[buster] - exiv2 <ignored> (Minor issue)
 	[stretch] - exiv2 <ignored> (Minor issue)
 	[jessie] - exiv2 <ignored> (Minor issue)
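
Review bot: style point on the commit subject for this `- exiv2 0.27.2-6 (bug #886006)` change: "CVE-2017-17669/exiv2 fixed in unstable" and "Track fixed version for CVE-2018-19107/exiv2 in unstable" describe the same kind of edit (`<unfixed>` replaced by a version) in two different forms. Using one wording for all three commits would make them easier to find when searching the history of data/CVE/list.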



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/6c57ed10fbe38ff8445db275029342b4558d9771...9a37f99e76f33e054b809e47348ccd80bdf54966
