[Pkg-kde-extras] Bug#868578: Bug#868578: CVE-2017-11335 CVE-2017-11336 CVE-2017-11337 CVE-2017-11338 CVE-2017-11339 CVE-2017-11340

Maximiliano Curia maxy at debian.org
Mon Jul 17 11:36:41 UTC 2017


Control: notfound -1 0.25-3.1
Control: found -1 0.26-1

¡Hola Moritz!

El 2017-07-16 a las 22:49 +0200, Moritz Muehlenhoff escribió:
> Package: exiv2 
> Version: 0.25-3.1 
> Severity: important 
> Tags: security
>
> Please see:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11335

This one seems to be libtiff specific, if this is reproducible with exiv2, 
please let me know how to reproduce it.

> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11336
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11337
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11338
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11339
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11340

I couldn't reproduce these with 0.25-3.1, but these issues are clearly there 
for 0.26-1. Thanks for the heads up, I guess we would either skip 0.26 for 
unstable or, at least, wait till these issues are patched.

Happy hacking,
-- 
"Politicians and diapers have one thing in common. They should both be changed
regularly, and for the same reason." ― José Maria de Eça de Queiroz
 Saludos /\/\ /\ >< `/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-kde-extras/attachments/20170717/c43d9f86/attachment-0001.sig>


More information about the pkg-kde-extras mailing list