[Git][security-tracker-team/security-tracker][master] exiv2 fixed
Moritz Muehlenhoff
jmm at debian.org
Wed Jan 29 18:36:53 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1353c330 by Moritz Muehlenhoff at 2020-01-29T10:36:25-08:00
exiv2 fixed
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -15106,24 +15106,34 @@ CVE-2020-2109
RESERVED
CVE-2020-2108
RESERVED
+ NOT-FOR-US: Jenkins plugin
CVE-2020-2107
RESERVED
+ NOT-FOR-US: Jenkins plugin
CVE-2020-2106
RESERVED
+ NOT-FOR-US: Jenkins plugin
CVE-2020-2105
RESERVED
+ NOT-FOR-US: Jenkins
CVE-2020-2104
RESERVED
+ NOT-FOR-US: Jenkins
CVE-2020-2103
RESERVED
+ NOT-FOR-US: Jenkins
CVE-2020-2102
RESERVED
+ NOT-FOR-US: Jenkins
CVE-2020-2101
RESERVED
+ NOT-FOR-US: Jenkins
CVE-2020-2100
RESERVED
+ NOT-FOR-US: Jenkins
CVE-2020-2099
RESERVED
+ NOT-FOR-US: Jenkins
CVE-2020-2098 (A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0. ...)
NOT-FOR-US: Jenkins plugin
CVE-2020-2097 (Jenkins Sounds Plugin 0.5 and earlier does not perform permission chec ...)
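Review bot: CVE-2020-2109, the first entry of this hunk, keeps a bare RESERVED with no triage line, while CVE-2020-2108 through CVE-2020-2099 directly below it all gain NOT-FOR-US. If it belongs to the same Jenkins batch, add the matching line; if it was left out on purpose, nothing else in the hunk needs to change.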
@@ -69208,8 +69218,8 @@ CVE-2018-20098 (There is a heap-based buffer over-read in Exiv2::Jp2Image::encod
CVE-2018-20097 (There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroup ...)
{DLA-1691-1}
- exiv2 <unfixed> (low)
- [buster] - exiv2 <no-dsa> (Minor issue)
- [stretch] - exiv2 <no-dsa> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
+ [stretch] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/590
NOTE: https://github.com/Exiv2/exiv2/commit/203ab0db28c9666b16069d4056ac5f66f753a51d
CVE-2018-20096 (There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf fun ...)
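Review bot: the unchanged `- exiv2 <unfixed> (low)` line for CVE-2018-20097 has no bug reference, unlike the other exiv2 entries touched in this commit (bug #915135, #913272, #913273, #903813). With buster and stretch moved from <no-dsa> to <ignored>, that line is the only place the open issue is still tracked, so consider adding the Debian bug number if one exists.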
@@ -75306,8 +75316,8 @@ CVE-2018-19536
CVE-2018-19535 (In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngch ...)
{DLA-1691-1}
- exiv2 <unfixed> (bug #915135)
- [buster] - exiv2 <no-dsa> (Minor issue)
- [stretch] - exiv2 <no-dsa> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
+ [stretch] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/428
NOTE: https://github.com/Exiv2/exiv2/pull/430
CVE-2018-19534
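Review bot: on the two added [buster] and [stretch] lines, <ignored> keeps the reason "(Minor issue)" that was written for <no-dsa>. The entry carries {DLA-1691-1}, so the issue was fixed in an LTS update; a reason that says why buster and stretch will not get the fix would be more useful than the carried-over text.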
@@ -76870,8 +76880,8 @@ CVE-2018-19109 (tianti 2.3 allows remote authenticated users to bypass intended
CVE-2018-19108 (In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PS ...)
{DLA-1691-1}
- exiv2 <unfixed> (bug #913272)
- [buster] - exiv2 <no-dsa> (Minor issue)
- [stretch] - exiv2 <no-dsa> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
+ [stretch] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/426
NOTE: https://github.com/Exiv2/exiv2/pull/518
NOTE: https://github.com/Exiv2/exiv2/commit/68966932510213b5656fcf433ab6d7e26f48e23b
@@ -76879,8 +76889,8 @@ CVE-2018-19108 (In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in
CVE-2018-19107 (In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdi ...)
{DLA-1691-1}
- exiv2 <unfixed> (bug #913273)
- [buster] - exiv2 <no-dsa> (Minor issue)
- [stretch] - exiv2 <no-dsa> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
+ [stretch] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/427
NOTE: https://github.com/Exiv2/exiv2/pull/518
NOTE: https://github.com/Exiv2/exiv2/commit/68966932510213b5656fcf433ab6d7e26f48e23b
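Review bot: the `- exiv2 <unfixed> (bug #913273)` line is left as is, and so is the <unfixed> line for CVE-2018-19108 in the previous hunk, although both descriptions name Exiv2 0.26, both entries point to upstream commit 68966932510213b5656fcf433ab6d7e26f48e23b, and the last hunk of this commit records 0.27.2-6 as a fixed version. Check whether that upload already contains the commit, and if it does, replace <unfixed> with the version in both entries.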
@@ -103865,7 +103875,7 @@ CVE-2018-8977 (In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in c
- exiv2 <not-affected> (Vulnerable code introduced after 0.25)
NOTE: https://github.com/Exiv2/exiv2/issues/247
CVE-2018-8976 (In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial ...)
- - exiv2 <unfixed> (low; bug #903813)
+ - exiv2 0.27.2-6 (low; bug #903813)
[buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <ignored> (Minor issue)
[jessie] - exiv2 <ignored> (Minor issue)
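Review bot: the added `- exiv2 0.27.2-6 (low; bug #903813)` line gives a fixed version, but nothing visible in this hunk says which upstream change or changelog entry closes CVE-2018-8976. The other exiv2 entries in this commit carry NOTE lines with the upstream issue and commit; a matching NOTE here would let the version be verified.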
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1353c33041fbd2ac9f843e4831ab5cc69aa66d04