[Git][security-tracker-team/security-tracker][master] 17 commits: Update status for CVE-2018-9145/exiv2
Salvatore Bonaccorso
carnil at debian.org
Sun Feb 2 19:51:24 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4897ad8c by Salvatore Bonaccorso at 2020-02-02T20:45:14+01:00
Update status for CVE-2018-9145/exiv2
- - - - -
1d9592cb by Salvatore Bonaccorso at 2020-02-02T20:45:37+01:00
Update status for CVE-2018-8977/exiv2
- - - - -
fdff3df5 by Salvatore Bonaccorso at 2020-02-02T20:45:55+01:00
Update status for CVE-2017-17725/exiv2
- - - - -
d59d13a8 by Salvatore Bonaccorso at 2020-02-02T20:46:11+01:00
Update status for CVE-2017-17724/exiv2
- - - - -
b45aa6d1 by Salvatore Bonaccorso at 2020-02-02T20:46:29+01:00
Update status for CVE-2017-17723/exiv2
- - - - -
618a01dd by Salvatore Bonaccorso at 2020-02-02T20:46:46+01:00
Update status for CVE-2017-17722/exiv2
- - - - -
c21e2925 by Salvatore Bonaccorso at 2020-02-02T20:47:11+01:00
Update status for CVE-2017-1000128/exiv2
- - - - -
12a1f69d by Salvatore Bonaccorso at 2020-02-02T20:47:29+01:00
Update status for CVE-2017-1000127/exiv2
- - - - -
de0530cc by Salvatore Bonaccorso at 2020-02-02T20:47:59+01:00
Update status for CVE-2017-1000126/exiv2
- - - - -
54289859 by Salvatore Bonaccorso at 2020-02-02T20:48:28+01:00
Update status for CVE-2017-14866/exiv2
- - - - -
af75f7c4 by Salvatore Bonaccorso at 2020-02-02T20:48:46+01:00
Update status for CVE-2017-14865/exiv2
- - - - -
9c04d315 by Salvatore Bonaccorso at 2020-02-02T20:49:04+01:00
Update status for CVE-2017-14863/exiv2
- - - - -
a8dba975 by Salvatore Bonaccorso at 2020-02-02T20:49:22+01:00
Update status for CVE-2017-14861/exiv2
- - - - -
d1ee34ac by Salvatore Bonaccorso at 2020-02-02T20:49:42+01:00
Update status for CVE-2017-14860/exiv2
- - - - -
c2285f59 by Salvatore Bonaccorso at 2020-02-02T20:49:59+01:00
Update status for CVE-2017-14857/exiv2
- - - - -
5f7d3a21 by Salvatore Bonaccorso at 2020-02-02T20:50:26+01:00
Update status for CVE-2017-12956/exiv2
- - - - -
4156cae4 by Salvatore Bonaccorso at 2020-02-02T20:50:41+01:00
Update status for CVE-2017-12955/exiv2
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -103789,8 +103789,7 @@ CVE-2018-9147 (Cross-site scripting (XSS) vulnerabilities in version 7.5.7 of Ge
CVE-2018-9146
REJECTED
CVE-2018-9145 (In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issu ...)
- [experimental] - exiv2 <unfixed> (bug #910909)
- - exiv2 <not-affected> (Vulnerable code introduced later)
+ - exiv2 <not-affected> (Vulnerable code introduced later; only affected experimental; bug #910909)
NOTE: https://github.com/xiaoqx/pocs/tree/master/exiv2
NOTE: https://github.com/Exiv2/exiv2/pull/470
NOTE: Fixed with: https://github.com/Exiv2/exiv2/commit/c03f73268f65c73f9d3d7b670f13e48e92692750
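Review bot: On the added CVE-2018-9145 line, bug #910909 now appears only inside the free-text reason of the <not-affected> entry, whereas the removed [experimental] line carried it as its own "(bug #910909)" annotation. If the bug should remain attached to the CVE as a reference rather than as prose, consider keeping it on a separate NOTE line next to the existing upstream links.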
@@ -104210,8 +104209,7 @@ CVE-2018-8979 (Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifyin
CVE-2018-8978 (Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an ...)
NOT-FOR-US: Open-AudIT Professional
CVE-2018-8977 (In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonm ...)
- [experimental] - exiv2 <unfixed> (bug #894179)
- - exiv2 <not-affected> (Vulnerable code introduced after 0.25)
+ - exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental, bug #)
NOTE: https://github.com/Exiv2/exiv2/issues/247
CVE-2018-8976 (In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial ...)
- exiv2 0.27.2-6 (low; bug #903813)
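Review bot: The added CVE-2018-8977 line ends in "bug #)" with no number, while the removed [experimental] line referenced bug #894179, so the number appears to have been lost in the merge of the two lines. The last clause is also joined with a comma where the other entries in this push use a semicolon. Suggested wording: "(Vulnerable code introduced after 0.25; only affected experimental; bug #894179)".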
@@ -120676,26 +120674,22 @@ CVE-2017-17727 (DedeCMS through 5.6 allows arbitrary file upload and PHP code ex
CVE-2017-17726
RESERVED
CVE-2017-17725 (In Exiv2 0.26, there is an integer overflow leading to a heap-based bu ...)
- [experimental] - exiv2 <unfixed>
- - exiv2 <not-affected> (Introduced in 0.26)
+ - exiv2 <not-affected> (Introduced in 0.26; only affected experimental)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1525055
NOTE: https://github.com/Exiv2/exiv2/issues/188
NOTE: https://github.com/Exiv2/exiv2/pull/193
CVE-2017-17724 (In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Ip ...)
- [experimental] - exiv2 <unfixed> (bug #891783)
- - exiv2 <not-affected> (Introduced in 0.26)
+ - exiv2 <not-affected> (Introduced in 0.26; only affected experimental; bug #891783)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1524107
NOTE: https://github.com/Exiv2/exiv2/issues/210
NOTE: https://github.com/Exiv2/exiv2/commit/962962a8e9885ccbca28f624492f1427152a0695
CVE-2017-17723 (In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Im ...)
- [experimental] - exiv2 <unfixed>
- - exiv2 <not-affected> (Introduced in 0.26)
+ - exiv2 <not-affected> (Introduced in 0.26; only affected experimental)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1524104
NOTE: https://github.com/Exiv2/exiv2/issues/229
NOTE: https://github.com/Exiv2/exiv2/commit/36df4bc997d74ecc447e4541e2fc3fda10586103
CVE-2017-17722 (In Exiv2 0.26, there is a reachable assertion in the readHeader functi ...)
- [experimental] - exiv2 <unfixed> (low; bug #891044)
- - exiv2 <not-affected> (Vulnerable code introduced in 0.26)
+ - exiv2 <not-affected> (Vulnerable code introduced in 0.26; only affected experimental; bug #891044)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1524116
NOTE: https://github.com/Exiv2/exiv2/issues/208
NOTE: https://github.com/Exiv2/exiv2/issues/228 (duplicate)
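Review bot: For CVE-2017-17722 the removed line read "(low; bug #891044)" and the added reason keeps the bug number but drops the "low" urgency, which is then recorded nowhere else in the entry. If that is intentional for <not-affected> entries, fine; otherwise a NOTE line would preserve the earlier assessment.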
@@ -131173,18 +131167,15 @@ CVE-2017-1000190 (SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulne
CVE-2017-1000163 (The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1. ...)
NOT-FOR-US: Phoenix Framework
CVE-2017-1000128 (Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser ...)
- [experimental] - exiv2 <unfixed>
- - exiv2 <not-affected> (Vulnerable code introduced in 0.26)
+ - exiv2 <not-affected> (Vulnerable code introduced in 0.26; only affected experimental)
NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1
NOTE: https://github.com/Exiv2/exiv2/issues/177
CVE-2017-1000127 (Exiv2 0.26 contains a heap buffer overflow in tiff parser ...)
- [experimental] - exiv2 <unfixed> (low; bug #888863)
- - exiv2 <not-affected> (Vulnerable code introduced after 0.25)
+ - exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental; bug #888863)
NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1
NOTE: https://github.com/Exiv2/exiv2/issues/176
CVE-2017-1000126 (exiv2 0.26 contains a Stack out of bounds read in webp parser ...)
- [experimental] - exiv2 <unfixed> (low; bug #888864)
- - exiv2 <not-affected> (WebP support introduced in 0.26)
+ - exiv2 <not-affected> (WebP support introduced in 0.26; only affected experimental; bug #888864)
NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1
NOTE: https://github.com/Exiv2/exiv2/issues/175
CVE-2017-16879 (Stack-based buffer overflow in the _nc_write_entry function in tinfo/w ...)
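Review bot: The three added reasons describe the introduction point in three different ways ("Vulnerable code introduced in 0.26", "Vulnerable code introduced after 0.25", "WebP support introduced in 0.26"), although all three summaries name Exiv2 0.26. If "after 0.25" and "in 0.26" mean the same thing here, using one wording across the exiv2 entries would make them easier to search and compare.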
@@ -137681,20 +137672,14 @@ CVE-2017-14869 (In Android for MSM, Firefox OS for MSM, QRD Android, with all An
CVE-2017-14868 (Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows ...)
- restlet <itp> (bug #596472)
CVE-2017-14866 (There is a heap-based buffer overflow in the Exiv2::s2Data function of ...)
- [experimental] - exiv2 <unfixed> (bug #880015)
- - exiv2 <not-affected> (Versions prior to 0.26 don't parse ICC profiles yet)
+ - exiv2 <not-affected> (Versions prior to 0.26 don't parse ICC profiles yet; only affected experimental; bug #880015)
NOTE: https://github.com/Exiv2/exiv2/issues/140
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494781
- NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
- NOTE: Reproducible in experimental(0.26-1) with valgrind (and "free(): corrupted unsorted chunks" without valgrind).
CVE-2017-14865 (There is a heap-based buffer overflow in the Exiv2::us2Data function o ...)
- [experimental] - exiv2 <unfixed> (bug #888865)
- - exiv2 <not-affected> (Vulnerable code introduced after 0.25)
+ - exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental; bug #888865)
NOTE: https://github.com/Exiv2/exiv2/issues/134
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494778
NOTE: Patch: https://github.com/Exiv2/exiv2/commit/d3c2b9938583440f87ce9115de5a7e8cd8f8db57
- NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
- NOTE: Reproducible in experimental(0.26-1) with valgrind (and "free(): corrupted unsorted chunks" without valgrind).
CVE-2017-14864 (An Invalid memory address dereference was discovered in Exiv2::getULon ...)
{DLA-1147-1}
- exiv2 0.27.2-6
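Review bot: The removed NOTE lines under CVE-2017-14866 and CVE-2017-14865 were the only record of which package versions were actually tested (0.25-3.1 unreproducible, 0.26-1 reproducible with valgrind). The new reasons assert "only affected experimental" without that evidence. Consider keeping the "Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1)" note, or naming the tested version in the reason, so the <not-affected> claim stays verifiable.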
@@ -137706,12 +137691,9 @@ CVE-2017-14864 (An Invalid memory address dereference was discovered in Exiv2::g
NOTE: Patches here: https://github.com/Exiv2/exiv2/pull/110
NOTE: Depends on: https://github.com/Exiv2/exiv2/commit/65f45a350516bfde4941d7906f2d67462f48d1ca
CVE-2017-14863 (A NULL pointer dereference was discovered in Exiv2::Image::printIFDStr ...)
- [experimental] - exiv2 <unfixed> (low; bug #888866)
- - exiv2 <not-affected> (Vulnerable code introduced after 0.25)
+ - exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental; bug #888866)
NOTE: https://github.com/Exiv2/exiv2/issues/132
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494443
- NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
- NOTE: Reproducible in experimental(0.26-1) with valgrind (and "free(): invalid next size (fast)" without valgrind).
CVE-2017-14862 (An Invalid memory address dereference was discovered in Exiv2::DataVal ...)
{DLA-1147-1}
- exiv2 0.27.2-6
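Review bot: The reason added for CVE-2017-14863 is the generic "Vulnerable code introduced after 0.25", while the summary line points at Exiv2::Image::printIFDStr... and the CVE-2017-14861 entry in this same push says "printIFDStructure introduced in 0.26". If both refer to the same function, reusing the specific reason here would document why 0.25 is unaffected rather than only that it is.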
@@ -137723,20 +137705,14 @@ CVE-2017-14862 (An Invalid memory address dereference was discovered in Exiv2::D
NOTE: Patches here: https://github.com/Exiv2/exiv2/pull/110
NOTE: Depends on: https://github.com/Exiv2/exiv2/commit/65f45a350516bfde4941d7906f2d67462f48d1ca
CVE-2017-14861 (There is a stack consumption vulnerability in the Exiv2::Internal::str ...)
- [experimental] - exiv2 <unfixed> (bug #880027)
- - exiv2 <not-affected> (printIFDStructure introduced in 0.26)
+ - exiv2 <not-affected> (printIFDStructure introduced in 0.26; only affected experimental; bug #880027)
NOTE: https://github.com/Exiv2/exiv2/issues/139
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494787
- NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
- NOTE: Reproducible in experimental(0.26-1) with valgrind (and segfault without valgrind).
CVE-2017-14860 (There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMet ...)
- [experimental] - exiv2 <unfixed> (low; bug #888867)
- - exiv2 <not-affected> (Vulnerable code introduced after 0.25)
+ - exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental; bug #888867)
NOTE: https://github.com/Exiv2/exiv2/issues/71
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494776
NOTE: Patch: https://github.com/Exiv2/exiv2/pull/108
- NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
- NOTE: Reproducible in experimental(0.26-1) with valgrind (and segfault without valgrind).
CVE-2017-14859 (An Invalid memory address dereference was discovered in Exiv2::StringV ...)
{DLA-1147-1}
- exiv2 0.27.2-6
@@ -137752,13 +137728,10 @@ CVE-2017-14858 (There is a heap-based buffer overflow in the Exiv2::l2Data funct
NOTE: https://github.com/Exiv2/exiv2/issues/138
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494782
CVE-2017-14857 (In Exiv2 0.26, there is an invalid free in the Image class in image.cp ...)
- [experimental] - exiv2 <unfixed> (low; bug #888869)
- - exiv2 <not-affected> (Vulnerable code not present)
+ - exiv2 <not-affected> (Vulnerable code not present; only affected experimental; bug #888869)
NOTE: https://github.com/Exiv2/exiv2/issues/76
NOTE: https://github.com/Exiv2/exiv2/issues/124
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1495043
- NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
- NOTE: Reproducible in experimental(0.26-1).
CVE-2017-14856
RESERVED
CVE-2017-14855 (Red Lion HMI panels allow remote attackers to cause a denial of servic ...)
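Review bot: On the added CVE-2017-14857 line, "Vulnerable code not present; only affected experimental" does not say where the code is absent, and the removed NOTE that tied the statement to 0.25-3.1 is gone. Naming the version in the reason (for example "not present in 0.25") would keep the entry unambiguous now that the unversioned exiv2 line is the only status left.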
@@ -143016,19 +142989,13 @@ CVE-2017-12957 (There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482423
NOTE: Experimental is affected, tracking as #876242
CVE-2017-12956 (There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() ...)
- [experimental] - exiv2 <unfixed> (low; bug #888872)
- - exiv2 <not-affected> (Vulnerable code introduced after 0.25)
+ - exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental; bug #888872)
NOTE: https://github.com/Exiv2/exiv2/issues/59
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482296
- NOTE: Not reproducible in wheezy/jessie/stretch/sid(0.25-3.1) => "The file contains data of an unknown image type"
- NOTE: Reproducible in experimental (0.26-1).
CVE-2017-12955 (There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. Th ...)
- [experimental] - exiv2 <unfixed> (bug #888873)
- - exiv2 <not-affected> (Vulnerable code introduced after 0.25)
+ - exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental; bug #888873)
NOTE: https://github.com/Exiv2/exiv2/issues/58
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482295
- NOTE: Not reproducible in wheezy/jessie/stretch/sid(0.25-3.1) => "The memory contains data of an unknown image type"
- NOTE: Reproducible in experimental (0.26-1).
CVE-2017-12954 (The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4 ...)
- libgig 4.0.0-5 (low; bug #877652)
[stretch] - libgig <no-dsa> (Minor issue)
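Review bot: The context line for CVE-2017-12957 just above still uses "NOTE: Experimental is affected, tracking as #876242", while CVE-2017-12956 and CVE-2017-12955 now fold the same information into the <not-affected> reason. It would be better to follow one convention for all of the exiv2 entries. The removed NOTEs here also quoted the 0.25-3.1 output ("... data of an unknown image type"), which explained why the older version rejects the input; that rationale is worth keeping in some form.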
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/4135bc032f0f16e0a3b9ede4def9a0518e8c3fbc...4156cae491f3f68bcd3c2a332bd59d90f524ff45