[Git][security-tracker-team/security-tracker][master] 17 commits: Update status for CVE-2018-9145/exiv2

Salvatore Bonaccorso carnil at debian.org
Sun Feb 2 19:51:24 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4897ad8c by Salvatore Bonaccorso at 2020-02-02T20:45:14+01:00
Update status for CVE-2018-9145/exiv2

- - - - -
1d9592cb by Salvatore Bonaccorso at 2020-02-02T20:45:37+01:00
Update status for CVE-2018-8977/exiv2

- - - - -
fdff3df5 by Salvatore Bonaccorso at 2020-02-02T20:45:55+01:00
Update status for CVE-2017-17725/exiv2

- - - - -
d59d13a8 by Salvatore Bonaccorso at 2020-02-02T20:46:11+01:00
Update status for CVE-2017-17724/exiv2

- - - - -
b45aa6d1 by Salvatore Bonaccorso at 2020-02-02T20:46:29+01:00
Update status for CVE-2017-17723/exiv2

- - - - -
618a01dd by Salvatore Bonaccorso at 2020-02-02T20:46:46+01:00
Update status for CVE-2017-17722/exiv2

- - - - -
c21e2925 by Salvatore Bonaccorso at 2020-02-02T20:47:11+01:00
Update status for CVE-2017-1000128/exiv2

- - - - -
12a1f69d by Salvatore Bonaccorso at 2020-02-02T20:47:29+01:00
Update status for CVE-2017-1000127/exiv2

- - - - -
de0530cc by Salvatore Bonaccorso at 2020-02-02T20:47:59+01:00
Update status for CVE-2017-1000126/exiv2

- - - - -
54289859 by Salvatore Bonaccorso at 2020-02-02T20:48:28+01:00
Update status for CVE-2017-14866/exiv2

- - - - -
af75f7c4 by Salvatore Bonaccorso at 2020-02-02T20:48:46+01:00
Update status for CVE-2017-14865/exiv2

- - - - -
9c04d315 by Salvatore Bonaccorso at 2020-02-02T20:49:04+01:00
Update status for CVE-2017-14863/exiv2

- - - - -
a8dba975 by Salvatore Bonaccorso at 2020-02-02T20:49:22+01:00
Update status for CVE-2017-14861/exiv2

- - - - -
d1ee34ac by Salvatore Bonaccorso at 2020-02-02T20:49:42+01:00
Update status for CVE-2017-14860/exiv2

- - - - -
c2285f59 by Salvatore Bonaccorso at 2020-02-02T20:49:59+01:00
Update status for CVE-2017-14857/exiv2

- - - - -
5f7d3a21 by Salvatore Bonaccorso at 2020-02-02T20:50:26+01:00
Update status for CVE-2017-12956/exiv2

- - - - -
4156cae4 by Salvatore Bonaccorso at 2020-02-02T20:50:41+01:00
Update status for CVE-2017-12955/exiv2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -103789,8 +103789,7 @@ CVE-2018-9147 (Cross-site scripting (XSS) vulnerabilities in version 7.5.7 of Ge
 CVE-2018-9146
 	REJECTED
 CVE-2018-9145 (In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issu ...)
-	[experimental] - exiv2 <unfixed> (bug #910909)
-	- exiv2 <not-affected> (Vulnerable code introduced later)
+	- exiv2 <not-affected> (Vulnerable code introduced later; only affected experimental; bug #910909)
 	NOTE: https://github.com/xiaoqx/pocs/tree/master/exiv2
 	NOTE: https://github.com/Exiv2/exiv2/pull/470
 	NOTE: Fixed with: https://github.com/Exiv2/exiv2/commit/c03f73268f65c73f9d3d7b670f13e48e92692750
@@ -104210,8 +104209,7 @@ CVE-2018-8979 (Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifyin
 CVE-2018-8978 (Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an  ...)
 	NOT-FOR-US: Open-AudIT Professional
 CVE-2018-8977 (In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonm ...)
-	[experimental] - exiv2 <unfixed> (bug #894179)
-	- exiv2 <not-affected> (Vulnerable code introduced after 0.25)
+	- exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental, bug #)
 	NOTE: https://github.com/Exiv2/exiv2/issues/247
 CVE-2018-8976 (In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial  ...)
 	- exiv2 0.27.2-6 (low; bug #903813)
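Review bot: the added CVE-2018-8977 line ends in "bug #)" with no number, although the [experimental] line it replaces carried bug #894179. It also puts a comma before "bug" where the other merged lines in this push use a semicolon. Suggested line: "- exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental; bug #894179)".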
@@ -120676,26 +120674,22 @@ CVE-2017-17727 (DedeCMS through 5.6 allows arbitrary file upload and PHP code ex
 CVE-2017-17726
 	RESERVED
 CVE-2017-17725 (In Exiv2 0.26, there is an integer overflow leading to a heap-based bu ...)
-	[experimental] - exiv2 <unfixed>
-	- exiv2 <not-affected> (Introduced in 0.26)
+	- exiv2 <not-affected> (Introduced in 0.26; only affected experimental)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1525055
 	NOTE: https://github.com/Exiv2/exiv2/issues/188
 	NOTE: https://github.com/Exiv2/exiv2/pull/193
 CVE-2017-17724 (In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Ip ...)
-	[experimental] - exiv2 <unfixed> (bug #891783)
-	- exiv2 <not-affected> (Introduced in 0.26)
+	- exiv2 <not-affected> (Introduced in 0.26; only affected experimental; bug #891783)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1524107
 	NOTE: https://github.com/Exiv2/exiv2/issues/210
 	NOTE: https://github.com/Exiv2/exiv2/commit/962962a8e9885ccbca28f624492f1427152a0695
 CVE-2017-17723 (In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Im ...)
-	[experimental] - exiv2 <unfixed>
-	- exiv2 <not-affected> (Introduced in 0.26)
+	- exiv2 <not-affected> (Introduced in 0.26; only affected experimental)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1524104
 	NOTE: https://github.com/Exiv2/exiv2/issues/229
 	NOTE: https://github.com/Exiv2/exiv2/commit/36df4bc997d74ecc447e4541e2fc3fda10586103
 CVE-2017-17722 (In Exiv2 0.26, there is a reachable assertion in the readHeader functi ...)
-	[experimental] - exiv2 <unfixed> (low; bug #891044)
-	- exiv2 <not-affected> (Vulnerable code introduced in 0.26)
+	- exiv2 <not-affected> (Vulnerable code introduced in 0.26; only affected experimental; bug #891044)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1524116
 	NOTE: https://github.com/Exiv2/exiv2/issues/208
 	NOTE: https://github.com/Exiv2/exiv2/issues/228 (duplicate)
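Review bot: the merged lines for CVE-2017-17725 and CVE-2017-17723 say "only affected experimental" but carry no bug number, unlike CVE-2017-17724 and CVE-2017-17722 in the same hunk. With the [experimental] line gone, nothing in those two entries says where the 0.26 issue was tracked on the Debian side. If a bug exists for either, add it to the parenthetical; if not, the upstream issue NOTEs remain the only reference and that is worth a word in the commit message.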
@@ -131173,18 +131167,15 @@ CVE-2017-1000190 (SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulne
 CVE-2017-1000163 (The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1. ...)
 	NOT-FOR-US: Phoenix Framework
 CVE-2017-1000128 (Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser ...)
-	[experimental] - exiv2 <unfixed>
-	- exiv2 <not-affected> (Vulnerable code introduced in 0.26)
+	- exiv2 <not-affected> (Vulnerable code introduced in 0.26; only affected experimental)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1
 	NOTE: https://github.com/Exiv2/exiv2/issues/177
 CVE-2017-1000127 (Exiv2 0.26 contains a heap buffer overflow in tiff parser ...)
-	[experimental] - exiv2 <unfixed> (low; bug #888863)
-	- exiv2 <not-affected> (Vulnerable code introduced after 0.25)
+	- exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental; bug #888863)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1
 	NOTE: https://github.com/Exiv2/exiv2/issues/176
 CVE-2017-1000126 (exiv2 0.26 contains a Stack out of bounds read in webp parser ...)
-	[experimental] - exiv2 <unfixed> (low; bug #888864)
-	- exiv2 <not-affected> (WebP support introduced in 0.26)
+	- exiv2 <not-affected> (WebP support introduced in 0.26; only affected experimental; bug #888864)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1
 	NOTE: https://github.com/Exiv2/exiv2/issues/175
 CVE-2017-16879 (Stack-based buffer overflow in the _nc_write_entry function in tinfo/w ...)
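Review bot: the removed [experimental] lines for CVE-2017-1000127 and CVE-2017-1000126 carried an urgency of "low", and the merged <not-affected> lines drop it together with the separate experimental status. That is fine if the urgency only ever applied to the experimental upload, but "Update status" in the commit message does not mention it; a short reason there would make the loss of the urgency visibly intentional.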
@@ -137681,20 +137672,14 @@ CVE-2017-14869 (In Android for MSM, Firefox OS for MSM, QRD Android, with all An
 CVE-2017-14868 (Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows  ...)
 	- restlet <itp> (bug #596472)
 CVE-2017-14866 (There is a heap-based buffer overflow in the Exiv2::s2Data function of ...)
-	[experimental] - exiv2 <unfixed> (bug #880015)
-	- exiv2 <not-affected> (Versions prior to 0.26 don't parse ICC profiles yet)
+	- exiv2 <not-affected> (Versions prior to 0.26 don't parse ICC profiles yet; only affected experimental; bug #880015)
 	NOTE: https://github.com/Exiv2/exiv2/issues/140
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494781
-	NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
-	NOTE: Reproducible in experimental(0.26-1) with valgrind (and "free(): corrupted unsorted chunks" without valgrind).
 CVE-2017-14865 (There is a heap-based buffer overflow in the Exiv2::us2Data function o ...)
-	[experimental] - exiv2 <unfixed> (bug #888865)
-	- exiv2 <not-affected> (Vulnerable code introduced after 0.25)
+	- exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental; bug #888865)
 	NOTE: https://github.com/Exiv2/exiv2/issues/134
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494778
 	NOTE: Patch: https://github.com/Exiv2/exiv2/commit/d3c2b9938583440f87ce9115de5a7e8cd8f8db57
-	NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
-	NOTE: Reproducible in experimental(0.26-1) with valgrind (and "free(): corrupted unsorted chunks" without valgrind).
 CVE-2017-14864 (An Invalid memory address dereference was discovered in Exiv2::getULon ...)
 	{DLA-1147-1}
 	- exiv2 0.27.2-6
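Review bot: the four NOTE lines removed under CVE-2017-14866 and CVE-2017-14865 were the only place these entries named the versions actually tested (0.25-3.1 unreproducible, 0.26-1 reproducible) and how (valgrind, plus the "free(): corrupted unsorted chunks" abort without it). The new parenthetical keeps the conclusion but not the evidence for it. Consider keeping one NOTE per entry with the tested versions, or confirm the same detail is recorded in bugs #880015 and #888865.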
@@ -137706,12 +137691,9 @@ CVE-2017-14864 (An Invalid memory address dereference was discovered in Exiv2::g
 	NOTE: Patches here: https://github.com/Exiv2/exiv2/pull/110
 	NOTE: Depends on: https://github.com/Exiv2/exiv2/commit/65f45a350516bfde4941d7906f2d67462f48d1ca
 CVE-2017-14863 (A NULL pointer dereference was discovered in Exiv2::Image::printIFDStr ...)
-	[experimental] - exiv2 <unfixed> (low; bug #888866)
-	- exiv2 <not-affected> (Vulnerable code introduced after 0.25)
+	- exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental; bug #888866)
 	NOTE: https://github.com/Exiv2/exiv2/issues/132
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494443
-	NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
-	NOTE: Reproducible in experimental(0.26-1) with valgrind (and "free(): invalid next size (fast)" without valgrind).
 CVE-2017-14862 (An Invalid memory address dereference was discovered in Exiv2::DataVal ...)
 	{DLA-1147-1}
 	- exiv2 0.27.2-6
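Review bot: for CVE-2017-14863 the removed NOTE recorded "free(): invalid next size (fast)" on 0.26-1 without valgrind, which is a different symptom from the NULL pointer dereference named in the CVE description. That observation is lost from the list with this hunk; if it is not already in bug #888866, it is worth copying there before the NOTE goes.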
@@ -137723,20 +137705,14 @@ CVE-2017-14862 (An Invalid memory address dereference was discovered in Exiv2::D
 	NOTE: Patches here: https://github.com/Exiv2/exiv2/pull/110
 	NOTE: Depends on: https://github.com/Exiv2/exiv2/commit/65f45a350516bfde4941d7906f2d67462f48d1ca
 CVE-2017-14861 (There is a stack consumption vulnerability in the Exiv2::Internal::str ...)
-	[experimental] - exiv2 <unfixed> (bug #880027)
-	- exiv2 <not-affected> (printIFDStructure introduced in 0.26)
+	- exiv2 <not-affected> (printIFDStructure introduced in 0.26; only affected experimental; bug #880027)
 	NOTE: https://github.com/Exiv2/exiv2/issues/139
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494787
-	NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
-	NOTE: Reproducible in experimental(0.26-1) with valgrind (and segfault without valgrind).
 CVE-2017-14860 (There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMet ...)
-	[experimental] - exiv2 <unfixed> (low; bug #888867)
-	- exiv2 <not-affected> (Vulnerable code introduced after 0.25)
+	- exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental; bug #888867)
 	NOTE: https://github.com/Exiv2/exiv2/issues/71
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494776
 	NOTE: Patch: https://github.com/Exiv2/exiv2/pull/108
-	NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
-	NOTE: Reproducible in experimental(0.26-1) with valgrind (and segfault without valgrind).
 CVE-2017-14859 (An Invalid memory address dereference was discovered in Exiv2::StringV ...)
 	{DLA-1147-1}
 	- exiv2 0.27.2-6
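Review bot: the two merged lines in this hunk describe the same version boundary in different words, "printIFDStructure introduced in 0.26" for CVE-2017-14861 and "Vulnerable code introduced after 0.25" for CVE-2017-14860, and the rest of the push also uses "Introduced in 0.26". Since these lines are being rewritten anyway, one phrasing across the exiv2 entries would make them easier to grep and compare.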
@@ -137752,13 +137728,10 @@ CVE-2017-14858 (There is a heap-based buffer overflow in the Exiv2::l2Data funct
 	NOTE: https://github.com/Exiv2/exiv2/issues/138
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494782
 CVE-2017-14857 (In Exiv2 0.26, there is an invalid free in the Image class in image.cp ...)
-	[experimental] - exiv2 <unfixed> (low; bug #888869)
-	- exiv2 <not-affected> (Vulnerable code not present)
+	- exiv2 <not-affected> (Vulnerable code not present; only affected experimental; bug #888869)
 	NOTE: https://github.com/Exiv2/exiv2/issues/76
 	NOTE: https://github.com/Exiv2/exiv2/issues/124
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1495043
-	NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
-	NOTE: Reproducible in experimental(0.26-1).
 CVE-2017-14856
 	RESERVED
 CVE-2017-14855 (Red Lion HMI panels allow remote attackers to cause a denial of servic ...)
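Review bot: the merged CVE-2017-14857 line reads "Vulnerable code not present; only affected experimental", which names no version, and the removed NOTE lines were the only place this entry gave 0.25-3.1 and 0.26-1. The other entries in this push state the boundary ("introduced after 0.25", "introduced in 0.26"). Suggest wording the reason the same way here, or keeping the "Unreproducible on ... (0.25-3.1)" NOTE.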
@@ -143016,19 +142989,13 @@ CVE-2017-12957 (There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482423
 	NOTE: Experimental is affected, tracking as #876242
 CVE-2017-12956 (There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() ...)
-	[experimental] - exiv2 <unfixed> (low; bug #888872)
-	- exiv2 <not-affected> (Vulnerable code introduced after 0.25)
+	- exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental; bug #888872)
 	NOTE: https://github.com/Exiv2/exiv2/issues/59
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482296
-	NOTE: Not reproducible in wheezy/jessie/stretch/sid(0.25-3.1) => "The file contains data of an unknown image type"
-	NOTE: Reproducible in experimental (0.26-1).
 CVE-2017-12955 (There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. Th ...)
-	[experimental] - exiv2 <unfixed> (bug #888873)
-	- exiv2 <not-affected> (Vulnerable code introduced after 0.25)
+	- exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental; bug #888873)
 	NOTE: https://github.com/Exiv2/exiv2/issues/58
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482295
-	NOTE: Not reproducible in wheezy/jessie/stretch/sid(0.25-3.1) => "The memory contains data of an unknown image type"
-	NOTE: Reproducible in experimental (0.26-1).
 CVE-2017-12954 (The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4 ...)
 	- libgig 4.0.0-5 (low; bug #877652)
 	[stretch] - libgig <no-dsa> (Minor issue)
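Review bot: CVE-2017-12957, visible as context at the top of this hunk, records the experimental status as "NOTE: Experimental is affected, tracking as #876242", while the CVE-2017-12956 and CVE-2017-12955 lines added below it fold the same information into the <not-affected> parenthetical. The two conventions now sit next to each other; either convert CVE-2017-12957 as well or keep the NOTE form for all three. The removed NOTEs also held the exact error text seen on 0.25-3.1 ("... data of an unknown image type"), which explains why the older version is not affected and is not preserved anywhere in the new lines.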



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/4135bc032f0f16e0a3b9ede4def9a0518e8c3fbc...4156cae491f3f68bcd3c2a332bd59d90f524ff45
