[Git][security-tracker-team/security-tracker][master] Reserve DLA-3186-1 for exiv2

Thu, 10 Nov 2022 06:39:00 -0800 


Dominik George pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cc35d972 by Dominik George at 2022-11-10T15:37:49+01:00
Reserve DLA-3186-1 for exiv2

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -241631,7 +241631,7 @@ CVE-2019-13114 (http.c in Exiv2 through 0.27.1 allows 
a malicious http server to
        NOTE: https://github.com/Exiv2/exiv2/issues/793
 CVE-2019-13113 (Exiv2 through 0.27.1 allows an attacker to cause a denial of 
service ( ...)
        - exiv2 0.27.2-6 (unimportant)
-        [buster] - exiv2 <not-affected> (Vulnerable code introduced later)
+       [buster] - exiv2 <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://github.com/Exiv2/exiv2/commit/6212806b7637be683a56c769a8d905153996d933
        NOTE: 
https://github.com/Exiv2/exiv2/commit/ccde30afa8ca787a3fe17388a15977f107a53b72
        NOTE: https://github.com/Exiv2/exiv2/issues/841


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[10 Nov 2022] DLA-3186-1 exiv2 - security update
+       {CVE-2017-11683 CVE-2020-19716 CVE-2022-3756}
+       [buster] - exiv2 0.25-4+deb10u3
 [10 Nov 2022] DLA-3185-1 xorg-server - security update
        {CVE-2022-3550 CVE-2022-3551}
        [buster] - xorg-server 2:1.20.4-1+deb10u6


=====================================
data/dla-needed.txt
=====================================
@@ -44,10 +44,6 @@ curl (Emilio)
 dropbear (Utkarsh)
   NOTE: 20221027: Programming language: C.
 --
-exiv2 (Dominik George)
-  NOTE: 20220819: Programming language: C++.
-  NOTE: 20220819: 
https://github.com/Exiv2/exiv2/commit/109d5df7abd329f141b500c92a00178d35a6bef3#diff-bd28aafd4c87975a3a236af74c2200db447587fa0bb4f43ba9beb98738c77b2aL292
 does not directly apply, but a very quick glance suggests the earlier code may 
be equally vulnerable. (Chris Lamb)
---
 firmware-nonfree
   NOTE: 20220906: Consider to check the severity of the issues again and judge 
whether a correction is worth it.
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc35d972357a33295e50c9f527ec258d578b18a8

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc35d972357a33295e50c9f527ec258d578b18a8
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to