Author: carnil Date: 2017-11-19 08:12:11 +0000 (Sun, 19 Nov 2017) New Revision: 57813
Modified: data/CVE/list Log: Remove reference to issues/1248 for exiv2 Reason: http://www.openwall.com/lists/oss-security/2017/06/30/1 . The three assigned CVEs are different issues. Hanno Boeck stated in the oss-security post: > I have not reported thoses issues upstream. When I previously tried to > report bugs in exiv2 found via fuzzing the upstream author made it > clear to me that he has little interest in fixing those issues and > doesn't consider his software suitable to parse defect files (which > basically means it's unsuitable for untrusted input). The discussion > can be read here [1]. (the page is sometimes not available, searching > for it in the google cache usually works though) > [...] > [1] http://dev.exiv2.org/issues/1248 Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-19 08:11:51 UTC (rev 57812) +++ data/CVE/list 2017-11-19 08:12:11 UTC (rev 57813) @@ -33,7 +33,6 @@ CVE-2017-1000126 (exiv2 0.26 contains a Stack out of bounds read in webp parser ...) - exiv2 <unfixed> NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1 - NOTE: http://dev.exiv2.org/issues/1248 NOTE: Can't seem to reproduce this in wheezy. CVE-2017-16879 RESERVED _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
