[Git][security-tracker-team/security-tracker][master] one libexif issue fixed by older patch, confirmed by upstream, might be rejected
Moritz Muehlenhoff
jmm at debian.org
Mon Jun 8 17:11:52 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
81177bc1 by Moritz Muehlenhoff at 2020-06-08T18:11:03+02:00
one libexif issue fixed by older patch, confirmed by upstream, might be rejected
or amended, upstream will reach out to MITRE
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -38762,8 +38762,11 @@ CVE-2020-0182
NOTE: https://github.com/libexif/libexif/commit/f9bb9f263fb00f0603ecbefa8957cad24168cbff (0.6.22)
CVE-2020-0181
RESERVED
- - libexif <unfixed> (bug #962346)
+ {DSA-4618-1 DLA-2100-1}
+ - libexif <unfixed>
+ - libexif 0.6.21-6 (bug #962346)
NOTE: https://android.googlesource.com/platform/external/libexif/+/f6c54954cbfc25eb73d2d2902f0597c0220174a4
+ NOTE: Fixed by the patch for CVE-2019-9278
CVE-2020-0180
RESERVED
NOT-FOR-US: Android Media Framework
=====================================
data/DLA/list
=====================================
@@ -427,7 +427,7 @@
{CVE-2018-18898}
[jessie] - libemail-address-list-perl 0.05-1+deb8u1
[10 Feb 2020] DLA-2100-1 libexif - security update
- {CVE-2019-9278}
+ {CVE-2019-9278 CVE-2020-0181}
[jessie] - libexif 0.6.21-2+deb8u1
[10 Feb 2020] DLA-2099-1 checkstyle - security update
{CVE-2019-10782}
=====================================
data/DSA/list
=====================================
@@ -280,7 +280,7 @@
[stretch] - libxmlrpc3-java 3.1.3-8+deb9u1
[buster] - libxmlrpc3-java 3.1.3-9+deb10u1
[06 Feb 2020] DSA-4618-1 libexif - security update
- {CVE-2019-9278}
+ {CVE-2019-9278 CVE-2020-0181}
[stretch] - libexif 0.6.21-2+deb9u1
[buster] - libexif 0.6.21-5.1+deb10u1
[03 Feb 2020] DSA-4617-1 qtbase-opensource-src - security update
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81177bc1528b953317e192803d51fe20e554bb90
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81177bc1528b953317e192803d51fe20e554bb90
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200608/59044056/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list