Author: jmm Date: 2017-09-19 21:14:08 +0000 (Tue, 19 Sep 2017) New Revision: 55909
Modified: data/CVE/list Log: one libexiv entry confirmed, revert the rest. <not-affected> must only be used based on code analysis, not by running some reproducer, code path in older releases might be entirely different Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-09-19 21:10:15 UTC (rev 55908) +++ data/CVE/list 2017-09-19 21:14:08 UTC (rev 55909) @@ -4128,17 +4128,15 @@ NOTE: Crash in CLI tool, no security impact CVE-2017-12957 (There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that ...) - exiv2 <unfixed> - [stretch] - exiv2 <not-affected> (Vulnerable code not present) - [jessie] - exiv2 <not-affected> (Vulnerable code not present) - [wheezy] - exiv2 <not-affected> (Vulnerable code not present) + [stretch] - exiv2 <not-affected> (Incorrect memory allocation introduced in 0.26) + [jessie] - exiv2 <not-affected> (Incorrect memory allocation introduced in 0.26) + [wheezy] - exiv2 <not-affected> (Incorrect memory allocation introduced in 0.26) NOTE: https://github.com/Exiv2/exiv2/issues/60 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482423 - NOTE: Not reproducible in wheezy/jessie/stretch/sid(0.25-3.1) => "The file contains data of an unknown image type" - NOTE: Reproducible in experimental (0.26-1). + NOTE: Experimental is affected, unstable is not, strictly speaking this could all + NOTE: be marked <not-affected>, but keeping it marked <unfixed> to ensure we track the fix CVE-2017-12956 (There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() ...) - exiv2 <unfixed> - [stretch] - exiv2 <not-affected> (Vulnerable code not present) - [jessie] - exiv2 <not-affected> (Vulnerable code not present) [wheezy] - exiv2 <not-affected> (Vulnerable code not present) NOTE: https://github.com/Exiv2/exiv2/issues/59 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482296 @@ -4146,8 +4144,6 @@ NOTE: Reproducible in experimental (0.26-1). CVE-2017-12955 (There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The ...) - exiv2 <unfixed> - [stretch] - exiv2 <not-affected> (Vulnerable code not present) - [jessie] - exiv2 <not-affected> (Vulnerable code not present) [wheezy] - exiv2 <not-affected> (Vulnerable code not present) NOTE: https://github.com/Exiv2/exiv2/issues/58 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482295 @@ -8246,8 +8242,6 @@ NOT-FOR-US: Chrome extension Markdown Preview Plus CVE-2017-11592 (There is a Mismatched Memory Management Routines vulnerability in the ...) - exiv2 <unfixed> (low) - [stretch] - exiv2 <not-affected> (Vulnerable code not present) - [jessie] - exiv2 <not-affected> (Vulnerable code not present) [wheezy] - exiv2 <not-affected> (Vulnerable code not present) NOTE: https://github.com/Exiv2/exiv2/issues/56 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473889 @@ -8377,8 +8371,6 @@ NOTE: https://github.com/sass/libsass/issues/2445 CVE-2017-11553 (There is an illegal address access in the extend_alias_table function ...) - exiv2 <unfixed> (low) - [stretch] - exiv2 <not-affected> (Not reproducible) - [jessie] - exiv2 <not-affected> (Not reproducible) [wheezy] - exiv2 <not-affected> (Not reproducible) NOTE: https://github.com/Exiv2/exiv2/issues/54 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1471772 @@ -8998,8 +8990,6 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470714 CVE-2017-11340 (There is a Segmentation fault in the XmpParser::terminate() function in ...) - exiv2 <unfixed> (bug #868578) - [stretch] - exiv2 <not-affected> (Not reproducible) - [jessie] - exiv2 <not-affected> (Not reproducible) [wheezy] - exiv2 <not-affected> (Not reproducible) NOTE: https://github.com/Exiv2/exiv2/issues/53 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470950 @@ -9007,8 +8997,6 @@ NOTE: Reproducible with 0.26-1 (experimental) although I get another error "free(): invalid next size (fast)". CVE-2017-11339 (There is a heap-based buffer overflow in the Image::printIFDStructure ...) - exiv2 <unfixed> (bug #868578) - [stretch] - exiv2 <not-affected> (Vulnerable code not present) - [jessie] - exiv2 <not-affected> (Vulnerable code not present) [wheezy] - exiv2 <not-affected> (Vulnerable code not present) NOTE: https://github.com/Exiv2/exiv2/issues/52 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470946 @@ -9016,8 +9004,6 @@ NOTE: Reproducible with 0.26-1 (experimental) although I get another error "free(): invalid next size (fast)". CVE-2017-11338 (There is an infinite loop in the Exiv2::Image::printIFDStructure ...) - exiv2 <unfixed> (bug #868578) - [stretch] - exiv2 <not-affected> (Vulnerable code not present) - [jessie] - exiv2 <not-affected> (Vulnerable code not present) [wheezy] - exiv2 <not-affected> (Vulnerable code not present) NOTE: https://github.com/Exiv2/exiv2/issues/51 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470913 @@ -9025,8 +9011,6 @@ NOTE: Reproducible with 0.26-1 (experimental). CVE-2017-11337 (There is an invalid free in the Action::TaskFactory::cleanup function ...) - exiv2 <unfixed> (bug #868578) - [stretch] - exiv2 <not-affected> (Not reproducible) - [jessie] - exiv2 <not-affected> (Not reproducible) [wheezy] - exiv2 <not-affected> (Not reproducible) NOTE: https://github.com/Exiv2/exiv2/issues/50 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470737 @@ -9035,8 +9019,6 @@ NOTE: Action::TaskFactory::cleanup function is the same in all versions, so the problem is likely an earlier memory corruption. CVE-2017-11336 (There is a heap-based buffer over-read in the Image::printIFDStructure ...) - exiv2 <unfixed> (bug #868578) - [stretch] - exiv2 <not-affected> (Vulnerable code not present) - [jessie] - exiv2 <not-affected> (Vulnerable code not present) [wheezy] - exiv2 <not-affected> (Vulnerable code not present) NOTE: https://github.com/Exiv2/exiv2/issues/49 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470729 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits