Author: anarcat Date: 2017-11-28 19:47:38 +0000 (Tue, 28 Nov 2017) New Revision: 58086
Modified: data/CVE/list data/dla-needed.txt Log: mark exiv2 issues as unreproducible Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-28 19:46:03 UTC (rev 58085) +++ data/CVE/list 2017-11-28 19:47:38 UTC (rev 58086) @@ -1675,17 +1675,19 @@ NOT-FOR-US: Phoenix Framework CVE-2017-1000128 (Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser ...) - exiv2 <unfixed> + [wheezy] - exiv2 <not-affected> (Cannot reproduce with crash file) NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1 NOTE: https://github.com/Exiv2/exiv2/issues/177 CVE-2017-1000127 (Exiv2 0.26 contains a heap buffer overflow in tiff parser ...) - exiv2 <unfixed> + [wheezy] - exiv2 <not-affected> (Cannot reproduce with crash file) NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1 NOTE: https://github.com/Exiv2/exiv2/issues/176 CVE-2017-1000126 (exiv2 0.26 contains a Stack out of bounds read in webp parser ...) - exiv2 <unfixed> + [wheezy] - exiv2 <not-affected> (Cannot reproduce with crash file) NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1 NOTE: https://github.com/Exiv2/exiv2/issues/175 - NOTE: Can't seem to reproduce this in wheezy. CVE-2017-16879 (Stack-based buffer overflow in the _nc_write_entry function in ...) - ncurses 6.0+20171125-1 (bug #882620) [stretch] - ncurses <no-dsa> (Minor issue) Modified: data/dla-needed.txt =================================================================== --- data/dla-needed.txt 2017-11-28 19:46:03 UTC (rev 58085) +++ data/dla-needed.txt 2017-11-28 19:47:38 UTC (rev 58086) @@ -17,9 +17,6 @@ couchdb NOTE: Only in wheezy, we are on our own. -- -exiv2 - NOTE: confirmed that vulnerabilities cannot be reproduced with ASAN: https://lists.debian.org/debian-lts/2017/11/msg00124.html --- irssi (Rhonda D'Vine) -- jasperreports _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits