Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9734a84f by Salvatore Bonaccorso at 2019-01-24T06:42:27Z Add related commits for exiv2 for upstream issues #590 The issues need to be further investigated as there are two related CVEs in TODO: check status sas well (CVE-2018-20096, CVE-2018-20097). All refer to issues ocvered in upstream https://github.com/Exiv2/exiv2/issues/590 . - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -10962,9 +10962,11 @@ CVE-2018-20099 (There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of [experimental] - exiv2 <unfixed> (low) - exiv2 <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/Exiv2/exiv2/issues/590 + NOTE: https://github.com/Exiv2/exiv2/commit/eff0f52d0466d81beabf304e2500f3039fd90252 CVE-2018-20098 (There is a heap-based buffer over-read in ...) - exiv2 <unfixed> NOTE: https://github.com/Exiv2/exiv2/issues/590 + NOTE: https://github.com/Exiv2/exiv2/commit/eff0f52d0466d81beabf304e2500f3039fd90252 NOTE: https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206 TODO: check CVE-2018-20097 (There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9734a84fe46b8259ff20b3098bb92010fdfb53f6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9734a84fe46b8259ff20b3098bb92010fdfb53f6 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
