[Git][security-tracker-team/security-tracker][master] commit refs for exiv2

Moritz Muehlenhoff jmm at debian.org
Wed Apr 28 12:19:13 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
da9ee882 by Moritz Muehlenhoff at 2021-04-28T13:18:46+02:00
commit refs for exiv2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4316,6 +4316,8 @@ CVE-2021-3482 (A flaw was found in Exiv2 in versions before and including 0.27.4
 	[buster] - exiv2 <no-dsa> (Minor issue)
 	[stretch] - exiv2 <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://github.com/Exiv2/exiv2/issues/1522
+	NOTE: https://github.com/Exiv2/exiv2/commit/22ea582c6b74ada30bec3a6b15de3c3e52f2b4da
+	NOTE: https://github.com/Exiv2/exiv2/commit/cac151ec052d44da3dc779e9e4028e581acb128a
 CVE-2021-3481 [Out of bounds read in function QRadialFetchSimd from crafted svg file]
 	RESERVED
 	- qtsvg-opensource-src 5.15.2-3 (bug #986798)
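Review bot: The two commit NOTEs added under CVE-2021-3482 are bare URLs with nothing saying how they relate to each other: the same fix on two upstream branches, or two parts of one fix. With buster at `<no-dsa>` and stretch at `<postponed> (Minor issue; can be fixed in next update)`, whoever prepares that update has to open both commits to find out; a short parenthetical after each URL would settle it. This entry also carries only the issue link (`issues/1522`) and no pull request reference, unlike the other exiv2 entries touched in this change.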
@@ -5354,7 +5356,9 @@ CVE-2021-29473 (Exiv2 is a C++ library and a command-line utility to read, write
 	- exiv2 <unfixed>
 	[buster] - exiv2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2
-	NOTE: https://github.com/github/advisory-review/pull/1587
+	NOTE: https://github.com/Exiv2/exiv2/pull/1587
+	NOTE: https://github.com/Exiv2/exiv2/commit/e6a0982f7cd9282052b6e3485a458d60629ffa0b
+	NOTE: https://github.com/Exiv2/exiv2/commit/f0ff11f044b2c8ddf4792415beb91fd815c633a1
 CVE-2021-29472 (Composer is a dependency manager for PHP. URLs for Mercurial repositor ...)
 	- composer 2.0.9-2
 	NOTE: https://github.com/composer/composer/security/advisories/GHSA-h5h8-pc6h-jvvx
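Review bot: In the CVE-2021-29473 entry, the `- exiv2 <unfixed>` line still has no bug number, even though the upstream pull request and two fix commits are now recorded beneath it. CVE-2021-29457 further down has `(bug #987277)` on the equivalent line; if a BTS bug exists for this issue, add it here so the unfixed state is tracked against the package.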
@@ -5367,6 +5371,8 @@ CVE-2021-29470 (Exiv2 is a command-line utility and C++ library for reading, wri
 	[stretch] - exiv2 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-8949-hhfh-j7rj
 	NOTE: https://github.com/Exiv2/exiv2/pull/1581
+	NOTE: https://github.com/Exiv2/exiv2/commit/6628a69c036df2aa036290e6cd71767c159c79ed
+	NOTE: https://github.com/Exiv2/exiv2/commit/6527e4f5979ced22d509e27d87d51287046f2008
 CVE-2021-29469 (Node-redis is a Node.js Redis client. Before version 3.1.1, when a cli ...)
 	- node-redis 3.0.2+~cs5.18.1-3
 	[buster] - node-redis <no-dsa> (Minor issue)
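Review bot: CVE-2021-29470 marks stretch as `<not-affected> (Vulnerable code introduced later)`, but the NOTEs visible in this hunk, including the two commits added, all point at the fix side (advisory, `pull/1581`, fix commits). A NOTE naming the introducing commit or the first affected upstream version would let the not-affected claim be checked from the entry itself.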
@@ -5404,6 +5410,11 @@ CVE-2021-29458 (Exiv2 is a command-line utility and C++ library for reading, wri
 	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-57jj-75fm-9rq5
 	NOTE: https://github.com/Exiv2/exiv2/issues/1530
 	NOTE: https://github.com/Exiv2/exiv2/pull/1536
+	NOTE: https://github.com/Exiv2/exiv2/commit/0a91b56616404f7b29ca28deb01ce18b767d1871
+	NOTE: https://github.com/Exiv2/exiv2/commit/c92ac88cb0ebe72a5a17654fe6cecf411ab1e572
+	NOTE: https://github.com/Exiv2/exiv2/commit/9b7a19f957af53304655ed1efe32253a1b11a8d0
+	NOTE: https://github.com/Exiv2/exiv2/commit/fadb68718eb1bff3bd3222bd26ff3328f5306730
+	NOTE: https://github.com/Exiv2/exiv2/commit/06d2db6e5fd2fcca9c060e95fc97f8a5b5d4c22d
 CVE-2021-29457 (Exiv2 is a command-line utility and C++ library for reading, writing,  ...)
 	- exiv2 <unfixed> (bug #987277)
 	[buster] - exiv2 <no-dsa> (Minor issue)
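Review bot: Five commit NOTEs are added under CVE-2021-29458 for a single pull request (`pull/1536`), with no hint as to which of them carry the actual code fix and which are tests or follow-ups. For a backport, mark in a parenthetical after each URL which commits are required, or trim the list to those.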
@@ -5411,6 +5422,7 @@ CVE-2021-29457 (Exiv2 is a command-line utility and C++ library for reading, wri
 	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-v74w-h496-cgqm
 	NOTE: https://github.com/Exiv2/exiv2/issues/1529
 	NOTE: https://github.com/Exiv2/exiv2/pull/1534
+	NOTE: https://github.com/Exiv2/exiv2/commit/13e5a3e02339b746abcaee6408893ca2fd8e289d
 CVE-2021-29456 (Authelia is an open-source authentication and authorization server pro ...)
 	NOT-FOR-US: Authelia
 CVE-2021-29455 (Grassroot Platform is an application to make it faster, cheaper and ea ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da9ee8822d21ab11eb81c69403230d3b6661974c
