[Git][security-tracker-team/security-tracker][master] Add CVE-2020-1311{2,3,4}/libexif issues

Thu, 21 May 2020 12:11:20 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7e65931e by Salvatore Bonaccorso at 2020-05-21T21:09:43+02:00
Add CVE-2020-1311{2,3,4}/libexif issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -301,12 +301,24 @@ CVE-2020-13116
        RESERVED
 CVE-2020-13115
        RESERVED
-CVE-2020-13114
+CVE-2020-13114 [Add a failsafe on the maximum number of Canon MakerNote 
subtags]
        RESERVED
-CVE-2020-13113
+       - libexif <unfixed>
+       [buster] - libexif <no-dsa> (Minor issue)
+       [stretch] - libexif <no-dsa> (Minor issue)
+       NOTE: 
https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab
 (0.6.22)
+CVE-2020-13113 [Ensure the MakerNote data pointers are initialized with NULL]
        RESERVED
-CVE-2020-13112
+       - libexif <unfixed>
+       [buster] - libexif <no-dsa> (Minor issue)
+       [stretch] - libexif <no-dsa> (Minor issue)
+       NOTE: 
https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f
 (0.6.22)
+CVE-2020-13112 [Fix MakerNote tag size overflow issues at read time]
        RESERVED
+       - libexif <unfixed>
+       [buster] - libexif <no-dsa> (Minor issue)
+       [stretch] - libexif <no-dsa> (Minor issue)
+       NOTE: 
https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1
 (0.6.22)
 CVE-2020-13111 (NaviServer 4.99.4 to 4.99.19 allows denial of service due to 
the nsd/d ...)
        NOT-FOR-US: NaviServer
 CVE-2020-13110 (The kerberos package before 1.0.0 for Node.js allows arbitrary 
code ex ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e65931ebc678de2502cd81346438759e1514950

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e65931ebc678de2502cd81346438759e1514950
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to