[Git][security-tracker-team/security-tracker][master] one libexif issue fixed by older patch, confirmed by upstream, might be rejected

Mon, 08 Jun 2020 09:12:12 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
81177bc1 by Moritz Muehlenhoff at 2020-06-08T18:11:03+02:00
one libexif issue fixed by older patch, confirmed by upstream, might be rejected
  or amended, upstream will reach out to MITRE

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -38762,8 +38762,11 @@ CVE-2020-0182
        NOTE: 
https://github.com/libexif/libexif/commit/f9bb9f263fb00f0603ecbefa8957cad24168cbff
 (0.6.22)
 CVE-2020-0181
        RESERVED
-       - libexif <unfixed> (bug #962346)
+       {DSA-4618-1 DLA-2100-1}
+       - libexif <unfixed>
+       - libexif 0.6.21-6 (bug #962346)
        NOTE: 
https://android.googlesource.com/platform/external/libexif/+/f6c54954cbfc25eb73d2d2902f0597c0220174a4
+       NOTE: Fixed by the patch for CVE-2019-9278
 CVE-2020-0180
        RESERVED
        NOT-FOR-US: Android Media Framework


=====================================
data/DLA/list
=====================================
@@ -427,7 +427,7 @@
        {CVE-2018-18898}
        [jessie] - libemail-address-list-perl 0.05-1+deb8u1
 [10 Feb 2020] DLA-2100-1 libexif - security update
-       {CVE-2019-9278}
+       {CVE-2019-9278 CVE-2020-0181}
        [jessie] - libexif 0.6.21-2+deb8u1
 [10 Feb 2020] DLA-2099-1 checkstyle - security update
        {CVE-2019-10782}


=====================================
data/DSA/list
=====================================
@@ -280,7 +280,7 @@
        [stretch] - libxmlrpc3-java 3.1.3-8+deb9u1
        [buster] - libxmlrpc3-java 3.1.3-9+deb10u1
 [06 Feb 2020] DSA-4618-1 libexif - security update
-       {CVE-2019-9278}
+       {CVE-2019-9278 CVE-2020-0181}
        [stretch] - libexif 0.6.21-2+deb9u1
        [buster] - libexif 0.6.21-5.1+deb10u1
 [03 Feb 2020] DSA-4617-1 qtbase-opensource-src - security update



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81177bc1528b953317e192803d51fe20e554bb90

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81177bc1528b953317e192803d51fe20e554bb90
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to