Author: hertzog Date: 2017-09-19 14:02:55 +0000 (Tue, 19 Sep 2017) New Revision: 55900
Modified: data/CVE/list Log: Reclassify exiv2 CVE according to my findings Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-09-19 12:45:19 UTC (rev 55899) +++ data/CVE/list 2017-09-19 14:02:55 UTC (rev 55900) @@ -4129,18 +4129,27 @@ NOTE: Crash in CLI tool, no security impact CVE-2017-12957 (There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that ...) - exiv2 <unfixed> + [stretch] - exiv2 <not-affected> (Vulnerable code not present) + [jessie] - exiv2 <not-affected> (Vulnerable code not present) + [wheezy] - exiv2 <not-affected> (Vulnerable code not present) NOTE: https://github.com/Exiv2/exiv2/issues/60 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482423 NOTE: Not reproducible in wheezy/jessie/stretch/sid(0.25-3.1) => "The file contains data of an unknown image type" NOTE: Reproducible in experimental (0.26-1). CVE-2017-12956 (There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() ...) - exiv2 <unfixed> + [stretch] - exiv2 <not-affected> (Vulnerable code not present) + [jessie] - exiv2 <not-affected> (Vulnerable code not present) + [wheezy] - exiv2 <not-affected> (Vulnerable code not present) NOTE: https://github.com/Exiv2/exiv2/issues/59 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482296 NOTE: Not reproducible in wheezy/jessie/stretch/sid(0.25-3.1) => "The file contains data of an unknown image type" NOTE: Reproducible in experimental (0.26-1). CVE-2017-12955 (There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The ...) - exiv2 <unfixed> + [stretch] - exiv2 <not-affected> (Vulnerable code not present) + [jessie] - exiv2 <not-affected> (Vulnerable code not present) + [wheezy] - exiv2 <not-affected> (Vulnerable code not present) NOTE: https://github.com/Exiv2/exiv2/issues/58 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482295 NOTE: Not reproducible in wheezy/jessie/stretch/sid(0.25-3.1) => "The memory contains data of an unknown image type" @@ -7893,6 +7902,7 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1475124 NOTE: Not reproducible in wheezy/jessie/stretch/sid(0.25-3.1). NOTE: Reproducible in experimental(0.26-1). + NOTE: Problematic assert() exists in all versions in Debian. CVE-2017-11682 (Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 allows ...) NOT-FOR-US: Hashtopussy CVE-2017-11681 (Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows ...) @@ -8236,8 +8246,9 @@ NOT-FOR-US: Chrome extension Markdown Preview Plus CVE-2017-11592 (There is a Mismatched Memory Management Routines vulnerability in the ...) - exiv2 <unfixed> (low) - [stretch] - exiv2 <no-dsa> (Minor issue) - [jessie] - exiv2 <no-dsa> (Minor issue) + [stretch] - exiv2 <not-affected> (Vulnerable code not present) + [jessie] - exiv2 <not-affected> (Vulnerable code not present) + [wheezy] - exiv2 <not-affected> (Vulnerable code not present) NOTE: https://github.com/Exiv2/exiv2/issues/56 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473889 NOTE: Not reproducible in wheezy/jessie/stretch/sid(0.25-3.1). @@ -8366,8 +8377,9 @@ NOTE: https://github.com/sass/libsass/issues/2445 CVE-2017-11553 (There is an illegal address access in the extend_alias_table function ...) - exiv2 <unfixed> (low) - [stretch] - exiv2 <no-dsa> (Minor issue) - [jessie] - exiv2 <no-dsa> (Minor issue) + [stretch] - exiv2 <not-affected> (Not reproducible) + [jessie] - exiv2 <not-affected> (Not reproducible) + [jessie] - exiv2 <not-affected> (Not reproducible) NOTE: https://github.com/Exiv2/exiv2/issues/54 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1471772 NOTE: Not reproducible in wheezy/jessie/stretch. @@ -8986,40 +8998,46 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470714 CVE-2017-11340 (There is a Segmentation fault in the XmpParser::terminate() function in ...) - exiv2 <unfixed> (bug #868578) - [stretch] - exiv2 <no-dsa> (Minor issue) - [jessie] - exiv2 <no-dsa> (Minor issue) + [stretch] - exiv2 <not-affected> (Not reproducible) + [jessie] - exiv2 <not-affected> (Not reproducible) + [wheezy] - exiv2 <not-affected> (Not reproducible) NOTE: https://github.com/Exiv2/exiv2/issues/53 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470950 NOTE: Not reproducible in wheezy/jessie/stretch, I get "The file contains data of an unknown image type". NOTE: Reproducible with 0.26-1 (experimental) although I get another error "free(): invalid next size (fast)". CVE-2017-11339 (There is a heap-based buffer overflow in the Image::printIFDStructure ...) - exiv2 <unfixed> (bug #868578) - [stretch] - exiv2 <no-dsa> (Minor issue) - [jessie] - exiv2 <no-dsa> (Minor issue) + [stretch] - exiv2 <not-affected> (Vulnerable code not present) + [jessie] - exiv2 <not-affected> (Vulnerable code not present) + [wheezy] - exiv2 <not-affected> (Vulnerable code not present) NOTE: https://github.com/Exiv2/exiv2/issues/52 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470946 NOTE: Not reproducible in wheezy/jessie/stretch, I get "The file contains data of an unknown image type". NOTE: Reproducible with 0.26-1 (experimental) although I get another error "free(): invalid next size (fast)". CVE-2017-11338 (There is an infinite loop in the Exiv2::Image::printIFDStructure ...) - exiv2 <unfixed> (bug #868578) - [stretch] - exiv2 <no-dsa> (Minor issue) - [jessie] - exiv2 <no-dsa> (Minor issue) + [stretch] - exiv2 <not-affected> (Vulnerable code not present) + [jessie] - exiv2 <not-affected> (Vulnerable code not present) + [wheezy] - exiv2 <not-affected> (Vulnerable code not present) NOTE: https://github.com/Exiv2/exiv2/issues/51 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470913 NOTE: Not reproducible in wheezy/jessie/stretch, I get "No Exif data found in the file". NOTE: Reproducible with 0.26-1 (experimental). CVE-2017-11337 (There is an invalid free in the Action::TaskFactory::cleanup function ...) - exiv2 <unfixed> (bug #868578) - [stretch] - exiv2 <no-dsa> (Minor issue) - [jessie] - exiv2 <no-dsa> (Minor issue) + [stretch] - exiv2 <not-affected> (Not reproducible) + [jessie] - exiv2 <not-affected> (Not reproducible) + [wheezy] - exiv2 <not-affected> (Not reproducible) NOTE: https://github.com/Exiv2/exiv2/issues/50 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470737 NOTE: Not reproducible in wheezy/jessie/stretch (even with valgrind), I get "No Exif data found in the file". NOTE: Reproducible with 0.26-1 (experimental). + NOTE: Action::TaskFactory::cleanup function is the same in all versions, so the problem is likely an earlier memory corruption. CVE-2017-11336 (There is a heap-based buffer over-read in the Image::printIFDStructure ...) - exiv2 <unfixed> (bug #868578) - [stretch] - exiv2 <no-dsa> (Minor issue) - [jessie] - exiv2 <no-dsa> (Minor issue) + [stretch] - exiv2 <not-affected> (Vulnerable code not present) + [jessie] - exiv2 <not-affected> (Vulnerable code not present) + [wheezy] - exiv2 <not-affected> (Vulnerable code not present) NOTE: https://github.com/Exiv2/exiv2/issues/49 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470729 NOTE: Not reproducible in wheezy/jessie/stretch (even with valgrind). _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits