Author: jmm
Date: 2017-10-26 21:47:25 +0000 (Thu, 26 Oct 2017)
New Revision: 57008

Modified:
   data/CVE/list
Log:
another exiv issue n/a


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-10-26 21:41:33 UTC (rev 57007)
+++ data/CVE/list       2017-10-26 21:47:25 UTC (rev 57008)
@@ -2660,6 +2660,7 @@
        RESERVED
        - restlet <itp> (bug #596472)
 CVE-2017-14866 (There is a heap-based buffer overflow in the Exiv2::s2Data 
function of ...)
+       [experimental] - exiv2 <unfixed>
        - exiv2 <not-affected> (Versions prior to 0.26 don't parse ICC profiles 
yet)
        NOTE: https://github.com/Exiv2/exiv2/issues/140
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494781
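Review bot: The added "[experimental] - exiv2 <unfixed>" line for CVE-2017-14866 has no tracking item visible in this hunk. The CVE-2017-14858 entry in the same commit gains "TODO: report against experimental version". If no Debian bug has been filed against the 0.26 package in experimental, add the same TODO here so the unfixed state is followed up. Otherwise reference the bug on the new line.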
@@ -2704,6 +2705,7 @@
        NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
        NOTE: Reproducible in experimental(0.26-1) with valgrind (and segfault 
without valgrind).
 CVE-2017-14861 (There is a stack consumption vulnerability in the ...)
+       [experimental] - exiv2 <unfixed>
        - exiv2 <not-affected> (printIFDStructure introduced in 0.26)
        NOTE: https://github.com/Exiv2/exiv2/issues/139
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494787
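Review bot: The log message ("another exiv issue n/a") does not match what changes for CVE-2017-14861. The "<not-affected> (printIFDStructure introduced in 0.26)" line is unchanged context, and the only change is the new "[experimental] - exiv2 <unfixed>" line. Consider a log message that says experimental is being marked unfixed for these entries, so the revision history reflects the actual triage decision.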
@@ -2730,10 +2732,11 @@
        NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
        NOTE: Reproducible in experimental(0.26-1).
 CVE-2017-14858 (There is a heap-based buffer overflow in the Exiv2::l2Data 
function of ...)
-       - exiv2 <unfixed>
+       [experimental] - exiv2 <unfixed>
+       - exiv2 <not-affected> (TIFF meta data handler doesn't parse ICC 
profiles yet)
        NOTE: https://github.com/Exiv2/exiv2/issues/138
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494782
-       TODO: check
+       TODO: report against experimental version
        NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
        NOTE: Reproducible in experimental(0.26-1) with a different error 
(double free or corruption (out))
 CVE-2017-14857 (In Exiv2 0.26, there is an invalid free in the Image class in 
image.cpp ...)
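Review bot: The new not-affected reason for CVE-2017-14858, "TIFF meta data handler doesn't parse ICC profiles yet", does not say which versions it covers. The CVE-2017-14866 entry states the boundary explicitly ("Versions prior to 0.26 don't parse ICC profiles yet"). Adding the same version qualifier here would make the two entries consistent and make clear that the reason applies to the 0.25-3.1 packages named in the NOTE lines. Also, since the existing NOTE records a different error in experimental (double free or corruption (out)), it is worth including that detail when acting on the new "TODO: report against experimental version".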


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
