[Secure-testing-commits] r55321 - data/CVE

Raphaël Hertzog Thu, 31 Aug 2017 08:37:35 -0700

Author: hertzog
Date: 2017-08-31 15:37:07 +0000 (Thu, 31 Aug 2017)
New Revision: 55321


Modified:
   data/CVE/list
Log:
Reported all exiv2 issues to upstream

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-08-31 15:36:57 UTC (rev 55320)
+++ data/CVE/list       2017-08-31 15:37:07 UTC (rev 55321)
@@ -2476,12 +2476,15 @@
        NOTE: Crash in CLI tool, no security impact
 CVE-2017-12957 (There is a heap-based buffer over-read in libexiv2 in Exiv2 
0.26 that ...)
        - exiv2 <unfixed>
+       NOTE: https://github.com/Exiv2/exiv2/issues/60
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482423
 CVE-2017-12956 (There is an illegal address access in 
Exiv2::FileIo::path[abi:cxx11]() ...)
        - exiv2 <unfixed>
+       NOTE: https://github.com/Exiv2/exiv2/issues/59
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482296
 CVE-2017-12955 (There is a heap-based buffer overflow in basicio.cpp of Exiv2 
0.26. The ...)
        - exiv2 <unfixed>
+       NOTE: https://github.com/Exiv2/exiv2/issues/58
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482295
 CVE-2017-12954 (The gig::Region::GetSampleFromWavePool function in gig.cpp in 
libgig ...)
        - libgig <unfixed> (bug #873718)
@@ -6078,6 +6081,8 @@
        - exiv2 <unfixed> (low)
        [stretch] - exiv2 <no-dsa> (Minor issue)
        [jessie] - exiv2 <no-dsa> (Minor issue)
+       NOTE: http://dev.exiv2.org/issues/1307
+       NOTE: https://github.com/Exiv2/exiv2/issues/57
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1475124
 CVE-2017-11682 (Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 
allows ...)
        NOT-FOR-US: Hashtopussy
@@ -6415,11 +6420,13 @@
        - exiv2 <unfixed> (low)
        [stretch] - exiv2 <no-dsa> (Minor issue)
        [jessie] - exiv2 <no-dsa> (Minor issue)
+       NOTE: https://github.com/Exiv2/exiv2/issues/56
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473889
 CVE-2017-11591 (There is a Floating point exception in the Exiv2::ValueType 
function in ...)
        - exiv2 <unfixed> (low)
        [stretch] - exiv2 <no-dsa> (Minor issue)
        [jessie] - exiv2 <no-dsa> (Minor issue)
+       NOTE: https://github.com/Exiv2/exiv2/issues/55
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473888
 CVE-2017-11590 (There is a NULL pointer dereference in the caseless_hash 
function in ...)
        {DLA-1054-1}
@@ -6540,6 +6547,7 @@
        - exiv2 <unfixed> (low)
        [stretch] - exiv2 <no-dsa> (Minor issue)
        [jessie] - exiv2 <no-dsa> (Minor issue)
+       NOTE: https://github.com/Exiv2/exiv2/issues/54
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1471772
 CVE-2017-11552 (The mad_decoder_run function in decoder.c in libmad 0.15.1b 
allows ...)
        - libmad <unfixed> (low; bug #870406)
@@ -7141,26 +7149,31 @@
        - exiv2 <unfixed> (bug #868578)
        [stretch] - exiv2 <no-dsa> (Minor issue)
        [jessie] - exiv2 <no-dsa> (Minor issue)
+       NOTE: https://github.com/Exiv2/exiv2/issues/53
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470950
 CVE-2017-11339 (There is a heap-based buffer overflow in the 
Image::printIFDStructure ...)
        - exiv2 <unfixed> (bug #868578)
        [stretch] - exiv2 <no-dsa> (Minor issue)
        [jessie] - exiv2 <no-dsa> (Minor issue)
+       NOTE: https://github.com/Exiv2/exiv2/issues/52
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470946
 CVE-2017-11338 (There is an infinite loop in the 
Exiv2::Image::printIFDStructure ...)
        - exiv2 <unfixed> (bug #868578)
        [stretch] - exiv2 <no-dsa> (Minor issue)
        [jessie] - exiv2 <no-dsa> (Minor issue)
+       NOTE: https://github.com/Exiv2/exiv2/issues/51
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470913
 CVE-2017-11337 (There is an invalid free in the Action::TaskFactory::cleanup 
function ...)
        - exiv2 <unfixed> (bug #868578)
        [stretch] - exiv2 <no-dsa> (Minor issue)
        [jessie] - exiv2 <no-dsa> (Minor issue)
+       NOTE: https://github.com/Exiv2/exiv2/issues/50
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470737
 CVE-2017-11336 (There is a heap-based buffer over-read in the 
Image::printIFDStructure ...)
        - exiv2 <unfixed> (bug #868578)
        [stretch] - exiv2 <no-dsa> (Minor issue)
        [jessie] - exiv2 <no-dsa> (Minor issue)
+       NOTE: https://github.com/Exiv2/exiv2/issues/49
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470729
 CVE-2017-11335 (There is a heap based buffer overflow in tools/tiff2pdf.c of 
LibTIFF ...)
        - tiff 4.0.8-4 (bug #868513)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r55321 - data/CVE

Reply via email to