[Git][security-tracker-team/security-tracker][master] Update tracking for CVE-2018-11037/exiv2

Salvatore Bonaccorso carnil at debian.org
Sun Feb 2 20:06:48 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
46efe50f by Salvatore Bonaccorso at 2020-02-02T21:04:40+01:00
Update tracking for CVE-2018-11037/exiv2

It is unfortunately not fully clear if this issue only ever affected
experimental. But the printStructure part was dropped in 0.27 upstream.
To play on the safe side consider versions before 0.27 as affected
(better wrongly mark something as affected, than the other way around)
and mark the first version based on 0.27 upstream which entered unstable
as the fixed one.

Furthermore the issue is minor (information leak via crafted file) and
can be considered no-dsa.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -98752,7 +98752,9 @@ CVE-2017-18268 (Symantec IntelligenceCenter 3.3 is vulnerable to the Return of t
 CVE-2018-11038
 	RESERVED
 CVE-2018-11037 (In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimag ...)
-	- exiv2 <undetermined>
+	- exiv2 0.27.2-6
+	[buster] - exiv2 <no-dsa> (Minor issue)
+	[stretch] - exiv2 <no-dsa> (Minor issue)
 	[jessie] - exiv2 <not-affected> (Jessie doesn't have '-pS', not reproducible, closed upstream)
 	NOTE: https://github.com/Exiv2/exiv2/issues/307
 CVE-2018-11036 (Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, 3 ...)
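Review bot: The added `- exiv2 0.27.2-6` line records a fixed version, but the reasoning behind it exists only in the commit message, not in the entry itself. The commit message says it is unclear whether the issue ever affected anything but experimental, and that versions before 0.27 are treated as affected to be on the safe side. Someone reading data/CVE/list later will see only a firm fixed version next to the upstream issue link. Consider adding a NOTE line next to the existing `NOTE: https://github.com/Exiv2/exiv2/issues/307`, stating that the printStructure part was dropped in 0.27 upstream and that earlier versions are marked affected conservatively. The `(Minor issue)` text on the buster and stretch lines could also name the impact given in the commit message (information leak via crafted file), so the no-dsa decision is justified in the entry itself.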



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/46efe50f3387759ec0e2fe4d77d5782cd0bb46d9
