Author: hertzog Date: 2017-08-31 15:37:07 +0000 (Thu, 31 Aug 2017) New Revision: 55321
Modified: data/CVE/list Log: Reported all exiv2 issues to upstream Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-08-31 15:36:57 UTC (rev 55320) +++ data/CVE/list 2017-08-31 15:37:07 UTC (rev 55321) @@ -2476,12 +2476,15 @@ NOTE: Crash in CLI tool, no security impact CVE-2017-12957 (There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that ...) - exiv2 <unfixed> + NOTE: https://github.com/Exiv2/exiv2/issues/60 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482423 CVE-2017-12956 (There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() ...) - exiv2 <unfixed> + NOTE: https://github.com/Exiv2/exiv2/issues/59 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482296 CVE-2017-12955 (There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The ...) - exiv2 <unfixed> + NOTE: https://github.com/Exiv2/exiv2/issues/58 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482295 CVE-2017-12954 (The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig ...) - libgig <unfixed> (bug #873718) @@ -6078,6 +6081,8 @@ - exiv2 <unfixed> (low) [stretch] - exiv2 <no-dsa> (Minor issue) [jessie] - exiv2 <no-dsa> (Minor issue) + NOTE: http://dev.exiv2.org/issues/1307 + NOTE: https://github.com/Exiv2/exiv2/issues/57 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1475124 CVE-2017-11682 (Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 allows ...) NOT-FOR-US: Hashtopussy @@ -6415,11 +6420,13 @@ - exiv2 <unfixed> (low) [stretch] - exiv2 <no-dsa> (Minor issue) [jessie] - exiv2 <no-dsa> (Minor issue) + NOTE: https://github.com/Exiv2/exiv2/issues/56 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473889 CVE-2017-11591 (There is a Floating point exception in the Exiv2::ValueType function in ...) - exiv2 <unfixed> (low) [stretch] - exiv2 <no-dsa> (Minor issue) [jessie] - exiv2 <no-dsa> (Minor issue) + NOTE: https://github.com/Exiv2/exiv2/issues/55 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473888 CVE-2017-11590 (There is a NULL pointer dereference in the caseless_hash function in ...) {DLA-1054-1} @@ -6540,6 +6547,7 @@ - exiv2 <unfixed> (low) [stretch] - exiv2 <no-dsa> (Minor issue) [jessie] - exiv2 <no-dsa> (Minor issue) + NOTE: https://github.com/Exiv2/exiv2/issues/54 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1471772 CVE-2017-11552 (The mad_decoder_run function in decoder.c in libmad 0.15.1b allows ...) - libmad <unfixed> (low; bug #870406) @@ -7141,26 +7149,31 @@ - exiv2 <unfixed> (bug #868578) [stretch] - exiv2 <no-dsa> (Minor issue) [jessie] - exiv2 <no-dsa> (Minor issue) + NOTE: https://github.com/Exiv2/exiv2/issues/53 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470950 CVE-2017-11339 (There is a heap-based buffer overflow in the Image::printIFDStructure ...) - exiv2 <unfixed> (bug #868578) [stretch] - exiv2 <no-dsa> (Minor issue) [jessie] - exiv2 <no-dsa> (Minor issue) + NOTE: https://github.com/Exiv2/exiv2/issues/52 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470946 CVE-2017-11338 (There is an infinite loop in the Exiv2::Image::printIFDStructure ...) - exiv2 <unfixed> (bug #868578) [stretch] - exiv2 <no-dsa> (Minor issue) [jessie] - exiv2 <no-dsa> (Minor issue) + NOTE: https://github.com/Exiv2/exiv2/issues/51 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470913 CVE-2017-11337 (There is an invalid free in the Action::TaskFactory::cleanup function ...) - exiv2 <unfixed> (bug #868578) [stretch] - exiv2 <no-dsa> (Minor issue) [jessie] - exiv2 <no-dsa> (Minor issue) + NOTE: https://github.com/Exiv2/exiv2/issues/50 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470737 CVE-2017-11336 (There is a heap-based buffer over-read in the Image::printIFDStructure ...) - exiv2 <unfixed> (bug #868578) [stretch] - exiv2 <no-dsa> (Minor issue) [jessie] - exiv2 <no-dsa> (Minor issue) + NOTE: https://github.com/Exiv2/exiv2/issues/49 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470729 CVE-2017-11335 (There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF ...) - tiff 4.0.8-4 (bug #868513) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits