[Git][security-tracker-team/security-tracker][master] Add CVE-2019-20421/exiv2

Wed Jan 29 21:07:08 GMT 2020


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
34a9864a by Salvatore Bonaccorso at 2020-01-29T22:06:18+01:00
Add CVE-2019-20421/exiv2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -960,7 +960,9 @@ CVE-2019-20422 (In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/i
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/7b09c2d052db4b4ad0b27b97918b46a7746966fa
 CVE-2019-20421 (In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input  ...)
-	TODO: check
+	- exiv2 <unfixed>
+	NOTE: https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8
+	NOTE: https://github.com/Exiv2/exiv2/issues/1011
 CVE-2020-7982
 	RESERVED
 CVE-2020-7981 (sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection whe ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/34a9864a6b7d0db0449828d7c9cb9f2ab1cf4cf2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/34a9864a6b7d0db0449828d7c9cb9f2ab1cf4cf2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200129/b06db335/attachment.html>
