[Git][security-tracker-team/security-tracker][master] Reserve DLA-3186-1 for exiv2

Dominik George (@natureshadow) natureshadow at debian.org
Thu Nov 10 14:38:47 GMT 2022



Dominik George pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cc35d972 by Dominik George at 2022-11-10T15:37:49+01:00
Reserve DLA-3186-1 for exiv2

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -241631,7 +241631,7 @@ CVE-2019-13114 (http.c in Exiv2 through 0.27.1 allows a malicious http server to
 	NOTE: https://github.com/Exiv2/exiv2/issues/793
 CVE-2019-13113 (Exiv2 through 0.27.1 allows an attacker to cause a denial of service ( ...)
 	- exiv2 0.27.2-6 (unimportant)
-        [buster] - exiv2 <not-affected> (Vulnerable code introduced later)
+	[buster] - exiv2 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/Exiv2/exiv2/commit/6212806b7637be683a56c769a8d905153996d933
 	NOTE: https://github.com/Exiv2/exiv2/commit/ccde30afa8ca787a3fe17388a15977f107a53b72
 	NOTE: https://github.com/Exiv2/exiv2/issues/841
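
Review bot: the only change in this hunk is the indentation of the `[buster] - exiv2 <not-affected>` line under CVE-2019-13113 (eight spaces replaced by a tab), which is unrelated to reserving DLA-3186-1 and is not mentioned in the commit message. Either split it into its own commit or mention the whitespace fix in the message, so the history of that entry stays readable.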


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[10 Nov 2022] DLA-3186-1 exiv2 - security update
+	{CVE-2017-11683 CVE-2020-19716 CVE-2022-3756}
+	[buster] - exiv2 0.25-4+deb10u3
 [10 Nov 2022] DLA-3185-1 xorg-server - security update
 	{CVE-2022-3550 CVE-2022-3551}
 	[buster] - xorg-server 2:1.20.4-1+deb10u6
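
Review bot: the new DLA-3186-1 entry lists CVE-2017-11683, CVE-2020-19716 and CVE-2022-3756, but the data/CVE/list part of this commit touches none of them (its single hunk sits under CVE-2019-13113). Please confirm that the buster lines for these three CVEs end up recording 0.25-4+deb10u3 as the fixed version.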


=====================================
data/dla-needed.txt
=====================================
@@ -44,10 +44,6 @@ curl (Emilio)
 dropbear (Utkarsh)
   NOTE: 20221027: Programming language: C.
 --
-exiv2 (Dominik George)
-  NOTE: 20220819: Programming language: C++.
-  NOTE: 20220819: https://github.com/Exiv2/exiv2/commit/109d5df7abd329f141b500c92a00178d35a6bef3#diff-bd28aafd4c87975a3a236af74c2200db447587fa0bb4f43ba9beb98738c77b2aL292 does not directly apply, but a very quick glance suggests the earlier code may be equally vulnerable. (Chris Lamb)
---
 firmware-nonfree
   NOTE: 20220906: Consider to check the severity of the issues again and judge whether a correction is worth it.
 --
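
Review bot: removing the exiv2 entry also drops the 20220819 note from Chris Lamb saying the referenced upstream commit "does not directly apply" while the earlier code "may be equally vulnerable", and nothing in this commit records how that question was settled. Consider adding a NOTE to the relevant CVE entry in data/CVE/list, or a line in the commit message, stating whether the buster code was found vulnerable and how it was addressed.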



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc35d972357a33295e50c9f527ec258d578b18a8
