[Pkg-kde-extras] Bug#868578: Bug#868578: CVE-2017-11335 CVE-2017-11336 CVE-2017-11337 CVE-2017-11338 CVE-2017-11339 CVE-2017-11340
Maximiliano Curia
maxy at debian.org
Mon Jul 17 11:36:41 UTC 2017
Control: notfound -1 0.25-3.1
Control: found -1 0.26-1
¡Hola Moritz!
El 2017-07-16 a las 22:49 +0200, Moritz Muehlenhoff escribió:
> Package: exiv2
> Version: 0.25-3.1
> Severity: important
> Tags: security
>
> Please see:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11335
This one seems to be libtiff specific, if this is reproducible with exiv2,
please let me know how to reproduce it.
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11336
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11337
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11338
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11339
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11340
I couldn't reproduce these with 0.25-3.1, but these issues are clearly there
for 0.26-1. Thanks for the heads up, I guess we would either skip 0.26 for
unstable or, at least, wait till these issues are patched.
Happy hacking,
--
"Politicians and diapers have one thing in common. They should both be changed
regularly, and for the same reason." ― José Maria de Eça de Queiroz
Saludos /\/\ /\ >< `/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-kde-extras/attachments/20170717/c43d9f86/attachment-0001.sig>
More information about the pkg-kde-extras
mailing list