Author: jmm Date: 2017-10-26 21:47:25 +0000 (Thu, 26 Oct 2017) New Revision: 57008
Modified: data/CVE/list Log: another exiv issue n/a Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-10-26 21:41:33 UTC (rev 57007) +++ data/CVE/list 2017-10-26 21:47:25 UTC (rev 57008) @@ -2660,6 +2660,7 @@ RESERVED - restlet <itp> (bug #596472) CVE-2017-14866 (There is a heap-based buffer overflow in the Exiv2::s2Data function of ...) + [experimental] - exiv2 <unfixed> - exiv2 <not-affected> (Versions prior to 0.26 don't parse ICC profiles yet) NOTE: https://github.com/Exiv2/exiv2/issues/140 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494781 @@ -2704,6 +2705,7 @@ NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1). NOTE: Reproducible in experimental(0.26-1) with valgrind (and segfault without valgrind). CVE-2017-14861 (There is a stack consumption vulnerability in the ...) + [experimental] - exiv2 <unfixed> - exiv2 <not-affected> (printIFDStructure introduced in 0.26) NOTE: https://github.com/Exiv2/exiv2/issues/139 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494787 
@@ -2730,10 +2732,11 @@ NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1). NOTE: Reproducible in experimental(0.26-1). CVE-2017-14858 (There is a heap-based buffer overflow in the Exiv2::l2Data function of ...) - - exiv2 <unfixed> + [experimental] - exiv2 <unfixed> + - exiv2 <not-affected> (TIFF meta data handler doesn't parse ICC profiles yet) NOTE: https://github.com/Exiv2/exiv2/issues/138 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494782 - TODO: check + TODO: report against experimental version NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1). NOTE: Reproducible in experimental(0.26-1) with a different error (double free or corruption (out)) CVE-2017-14857 (In Exiv2 0.26, there is an invalid free in the Image class in image.cpp ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
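Review bot: In the first two hunks (CVE-2017-14866 and CVE-2017-14861), the added `[experimental] - exiv2 <unfixed>` lines come with no TODO or bug reference for the experimental package, whereas the CVE-2017-14858 hunk adds `TODO: report against experimental version`. If those two issues also still need to be reported against the experimental upload, add the same TODO line to each entry. If they are already reported, add the bug number after `<unfixed>` so the experimental status can be followed up. The log message "another exiv issue n/a" also covers only the third hunk; a line mentioning the `[experimental]` annotations on the other two entries would make the revision easier to find later.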
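Review bot: In the third hunk (CVE-2017-14858), the new not-affected reason `(TIFF meta data handler doesn't parse ICC profiles yet)` gives no version boundary, while the CVE-2017-14866 entry says `Versions prior to 0.26` and the CVE-2017-14861 entry says `introduced in 0.26`. Because the same entry now also carries `[experimental] - exiv2 <unfixed>`, "yet" is ambiguous about which packaged version the statement refers to. State the version range in the parenthetical, as the other two entries do, so it agrees with the existing NOTE lines (unreproducible on 0.25-3.1, reproducible in experimental 0.26-1).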