[Git][security-tracker-team/security-tracker][master] Add CVE-2020-1311{2,3,4}/libexif issues
Salvatore Bonaccorso
carnil at debian.org
Thu May 21 20:10:55 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7e65931e by Salvatore Bonaccorso at 2020-05-21T21:09:43+02:00
Add CVE-2020-1311{2,3,4}/libexif issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -301,12 +301,24 @@ CVE-2020-13116
RESERVED
CVE-2020-13115
RESERVED
-CVE-2020-13114
+CVE-2020-13114 [Add a failsafe on the maximum number of Canon MakerNote subtags]
RESERVED
-CVE-2020-13113
+ - libexif <unfixed>
+ [buster] - libexif <no-dsa> (Minor issue)
+ [stretch] - libexif <no-dsa> (Minor issue)
+ NOTE: https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab (0.6.22)
+CVE-2020-13113 [Ensure the MakerNote data pointers are initialized with NULL]
RESERVED
-CVE-2020-13112
+ - libexif <unfixed>
+ [buster] - libexif <no-dsa> (Minor issue)
+ [stretch] - libexif <no-dsa> (Minor issue)
+ NOTE: https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f (0.6.22)
+CVE-2020-13112 [Fix MakerNote tag size overflow issues at read time]
RESERVED
+ - libexif <unfixed>
+ [buster] - libexif <no-dsa> (Minor issue)
+ [stretch] - libexif <no-dsa> (Minor issue)
+ NOTE: https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1 (0.6.22)
CVE-2020-13111 (NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/d ...)
NOT-FOR-US: NaviServer
CVE-2020-13110 (The kerberos package before 1.0.0 for Node.js allows arbitrary code ex ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e65931ebc678de2502cd81346438759e1514950
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e65931ebc678de2502cd81346438759e1514950
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200521/8fac180f/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list