[Git][security-tracker-team/security-tracker][master] exiv2 fixes

Moritz Muehlenhoff jmm at debian.org
Tue Jan 28 15:18:03 GMT 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c9a53647 by Moritz Muehlenhoff at 2020-01-28T07:17:48-08:00
exiv2 fixes

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -38038,39 +38038,38 @@ CVE-2019-13115 (In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchang
 	NOTE: https://blog.semmle.com/libssh2-integer-overflow/
 	NOTE: https://github.com/libssh2/libssh2/pull/350
 CVE-2019-13114 (http.c in Exiv2 through 0.27.1 allows a malicious http server to cause ...)
-	- exiv2 <unfixed> (low)
+	- exiv2 0.27.2-6 (low)
 	[buster] - exiv2 <ignored> (Minor issue)
 	[stretch] - exiv2 <ignored> (Minor issue)
 	[jessie] - exiv2 <not-affected> (HTTP support yet added in 0.25)
 	NOTE: https://github.com/Exiv2/exiv2/commit/ccde30afa8ca787a3fe17388a15977f107a53b72
 	NOTE: https://github.com/Exiv2/exiv2/issues/793
 CVE-2019-13113 (Exiv2 through 0.27.1 allows an attacker to cause a denial of service ( ...)
-	- exiv2 <unfixed> (unimportant)
+	- exiv2 0.27.2-6 (unimportant)
 	NOTE: https://github.com/Exiv2/exiv2/commit/6212806b7637be683a56c769a8d905153996d933
 	NOTE: https://github.com/Exiv2/exiv2/commit/ccde30afa8ca787a3fe17388a15977f107a53b72
 	NOTE: https://github.com/Exiv2/exiv2/issues/841
 	NOTE: Negligible security impact
 CVE-2019-13112 (A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2  ...)
-	- exiv2 <unfixed> (low)
+	- exiv2 0.27.2-6 (low)
 	[buster] - exiv2 <ignored> (Minor issue)
 	[stretch] - exiv2 <ignored> (Minor issue)
 	[jessie] - exiv2 <ignored> (Minor issue, clean exception / local DoS)
 	NOTE: https://github.com/Exiv2/exiv2/commit/1ed1e03c83802547585833fa9d4433af94798778
 	NOTE: https://github.com/Exiv2/exiv2/issues/845
 CVE-2019-13111 (A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 all ...)
-	[experimental] - exiv2 <unfixed>
-	- exiv2 <not-affected> (Vulnerable code introduced later)
+	- exiv2 <not-affected> (Only affected 0.27, vulnerable versions were only in experimental)
 	NOTE: https://github.com/Exiv2/exiv2/issues/791
 	NOTE: https://github.com/Exiv2/exiv2/pull/797/commits
 CVE-2019-13110 (A CiffDirectory::readDirectory integer overflow and out-of-bounds read ...)
-	- exiv2 <unfixed> (low)
+	- exiv2 0.27.2-6 (low)
 	[buster] - exiv2 <ignored> (Minor issue)
 	[stretch] - exiv2 <ignored> (Minor issue)
 	[jessie] - exiv2 <ignored> (Minor issue, read segfault)
 	NOTE: https://github.com/Exiv2/exiv2/issues/843
 	NOTE: https://github.com/Exiv2/exiv2/commit/9628f82084ed30d494ddd4f7360d233801e22967
 CVE-2019-13109 (An integer overflow in Exiv2 through 0.27.1 allows an attacker to caus ...)
-	- exiv2 <unfixed> (low)
+	- exiv2 0.27.2-6 (low)
 	[buster] - exiv2 <ignored> (Minor issue)
 	[stretch] - exiv2 <ignored> (Minor issue)
 	[jessie] - exiv2 <not-affected> (ICC-specific support added in 0.26, PoC doesn't crash)
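Review bot: the jessie context line under CVE-2019-13114, `[jessie] - exiv2 <not-affected> (HTTP support yet added in 0.25)`, reads as a typo ("yet" for "only"/"not yet"); since this entry is being edited anyway, `(HTTP support only added in 0.25)` would make the not-affected reasoning unambiguous. The remaining changes are consistent: the same fixed version `0.27.2-6` is recorded for CVE-2019-13114, -13113, -13112, -13110 and -13109, and collapsing CVE-2019-13111 to a single `<not-affected>` line with the `[experimental]` entry dropped matches its stated reasoning that vulnerable versions only ever shipped in experimental.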



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c9a536473d3a816e19249ead672c2ffc4945650f




