[Git][security-tracker-team/security-tracker][master] Update tracking for CVE-2017-14858/exiv2

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
367a0419 by Salvatore Bonaccorso at 2020-01-30T13:04:42+01:00
Update tracking for CVE-2017-14858/exiv2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -137518,12 +137518,9 @@ CVE-2017-14859 (An Invalid memory address dereference was discovered in Exiv2::S
 	NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
 	NOTE: Reproducible in experimental(0.26-1).
 CVE-2017-14858 (There is a heap-based buffer overflow in the Exiv2::l2Data function of ...)
-	[experimental] - exiv2 <unfixed> (bug #897134)
-	- exiv2 <not-affected> (TIFF meta data handler doesn't parse ICC profiles yet)
+	- exiv2 <not-affected> (TIFF meta data handler doesn't parse ICC profiles; only affected experimental; bug #897134)
 	NOTE: https://github.com/Exiv2/exiv2/issues/138
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494782
-	NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
-	NOTE: Reproducible in experimental(0.26-1) with a different error (double free or corruption (out))
 CVE-2017-14857 (In Exiv2 0.26, there is an invalid free in the Image class in image.cp ...)
 	[experimental] - exiv2 <unfixed> (low; bug #888869)
 	- exiv2 <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/367a0419e70246f71461f69beefecf04c854dd9c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/367a0419e70246f71461f69beefecf04c854dd9c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200130/a23e8dc7/attachment.html>