[Git][security-tracker-team/security-tracker][master] some exiv2 issues n/a on buster & stretch
Emilio Pozuelo Monfort
pochu at debian.org
Mon May 3 09:01:26 BST 2021
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f2e1fd09 by Emilio Pozuelo Monfort at 2021-05-03T10:00:54+02:00
some exiv2 issues n/a on buster & stretch
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5682,7 +5682,8 @@ CVE-2021-29474 (HedgeDoc (formerly known as CodiMD) is an open-source collaborat
NOT-FOR-US: HedgeDoc
CVE-2021-29473 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...)
- exiv2 <unfixed> (bug #987736)
- [buster] - exiv2 <no-dsa> (Minor issue)
+ [buster] - exiv2 <not-affected> (Vulnerable code introduced later)
+ [stretch] - exiv2 <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2
NOTE: https://github.com/Exiv2/exiv2/pull/1587
NOTE: https://github.com/Exiv2/exiv2/commit/e6a0982f7cd9282052b6e3485a458d60629ffa0b
@@ -5718,10 +5719,14 @@ CVE-2021-29465 (Discord-Recon is a bot for the Discord chat service. Versions of
NOT-FOR-US: Discord-Recon
CVE-2021-29464 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- exiv2 <unfixed>
+ [buster] - exiv2 <not-affected> (Vulnerable code introduced later)
+ [stretch] - exiv2 <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-jgm9-5fw5-pw9p
NOTE: https://github.com/Exiv2/exiv2/commit/f9308839198aca5e68a65194f151a1de92398f54
CVE-2021-29463 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- exiv2 <unfixed>
+ [buster] - exiv2 <not-affected> (webp support introduced in 0.27)
+ [stretch] - exiv2 <not-affected> (webp support introduced in 0.27)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-5p8g-9xf3-gfrr
NOTE: https://github.com/Exiv2/exiv2/commit/783b3a6ff15ed6f82a8f8e6c8a6f3b84a9b04d4b
CVE-2021-29462 (The Portable SDK for UPnP Devices is an SDK for development of UPnP de ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2e1fd099df6d52b4d04c5587557bb2899f89d4c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2e1fd099df6d52b4d04c5587557bb2899f89d4c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210503/8bacd488/attachment.htm>
More information about the debian-security-tracker-commits
mailing list