[Secure-testing-commits] r58086 - in data: . CVE

Tue, 28 Nov 2017 11:48:06 -0800 

Author: anarcat
Date: 2017-11-28 19:47:38 +0000 (Tue, 28 Nov 2017)
New Revision: 58086

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
mark exiv2 issues as unreproducible

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-11-28 19:46:03 UTC (rev 58085)
+++ data/CVE/list       2017-11-28 19:47:38 UTC (rev 58086)
@@ -1675,17 +1675,19 @@
        NOT-FOR-US: Phoenix Framework
 CVE-2017-1000128 (Exiv2 0.26 contains a stack out of bounds read in JPEG2000 
parser ...)
        - exiv2 <unfixed>
+       [wheezy] - exiv2 <not-affected> (Cannot reproduce with crash file)
        NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1
        NOTE: https://github.com/Exiv2/exiv2/issues/177
 CVE-2017-1000127 (Exiv2 0.26 contains a heap buffer overflow in tiff parser 
...)
        - exiv2 <unfixed>
+       [wheezy] - exiv2 <not-affected> (Cannot reproduce with crash file)
        NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1
        NOTE: https://github.com/Exiv2/exiv2/issues/176
 CVE-2017-1000126 (exiv2 0.26 contains a Stack out of bounds read in webp 
parser ...)
        - exiv2 <unfixed>
+       [wheezy] - exiv2 <not-affected> (Cannot reproduce with crash file)
        NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1
        NOTE: https://github.com/Exiv2/exiv2/issues/175
-       NOTE: Can't seem to reproduce this in wheezy.
 CVE-2017-16879 (Stack-based buffer overflow in the _nc_write_entry function in 
...)
        - ncurses 6.0+20171125-1 (bug #882620)
        [stretch] - ncurses <no-dsa> (Minor issue)

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-11-28 19:46:03 UTC (rev 58085)
+++ data/dla-needed.txt 2017-11-28 19:47:38 UTC (rev 58086)
@@ -17,9 +17,6 @@
 couchdb
   NOTE: Only in wheezy, we are on our own.
 --
-exiv2
-  NOTE: confirmed that vulnerabilities cannot be reproduced with ASAN: 
https://lists.debian.org/debian-lts/2017/11/msg00124.html
---
 irssi (Rhonda D'Vine)
 --
 jasperreports


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to