[Git][security-tracker-team/security-tracker][master] Add CVE-2020-1311{2,3,4}/libexif issues

Salvatore Bonaccorso carnil at debian.org
Thu May 21 20:10:55 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7e65931e by Salvatore Bonaccorso at 2020-05-21T21:09:43+02:00
Add CVE-2020-1311{2,3,4}/libexif issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -301,12 +301,24 @@ CVE-2020-13116
 	RESERVED
 CVE-2020-13115
 	RESERVED
-CVE-2020-13114
+CVE-2020-13114 [Add a failsafe on the maximum number of Canon MakerNote subtags]
 	RESERVED
-CVE-2020-13113
+	- libexif <unfixed>
+	[buster] - libexif <no-dsa> (Minor issue)
+	[stretch] - libexif <no-dsa> (Minor issue)
+	NOTE: https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab (0.6.22)
+CVE-2020-13113 [Ensure the MakerNote data pointers are initialized with NULL]
 	RESERVED
-CVE-2020-13112
+	- libexif <unfixed>
+	[buster] - libexif <no-dsa> (Minor issue)
+	[stretch] - libexif <no-dsa> (Minor issue)
+	NOTE: https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f (0.6.22)
+CVE-2020-13112 [Fix MakerNote tag size overflow issues at read time]
 	RESERVED
+	- libexif <unfixed>
+	[buster] - libexif <no-dsa> (Minor issue)
+	[stretch] - libexif <no-dsa> (Minor issue)
+	NOTE: https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1 (0.6.22)
 CVE-2020-13111 (NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/d ...)
 	NOT-FOR-US: NaviServer
 CVE-2020-13110 (The kerberos package before 1.0.0 for Node.js allows arbitrary code ex ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e65931ebc678de2502cd81346438759e1514950

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e65931ebc678de2502cd81346438759e1514950
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200521/8fac180f/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list