Author: hertzog
Date: 2017-09-19 09:50:10 +0000 (Tue, 19 Sep 2017)
New Revision: 55898
Modified:
data/CVE/list
Log:
Add results of reproducibility tests of exiv2 CVE
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-19 09:41:02 UTC (rev 55897)
+++ data/CVE/list 2017-09-19 09:50:10 UTC (rev 55898)
@@ -4131,14 +4131,20 @@
- exiv2 <unfixed>
NOTE: https://github.com/Exiv2/exiv2/issues/60
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482423
+ NOTE: Not reproducible in wheezy/jessie/stretch/sid(0.25-3.1) => "The
file contains data of an unknown image type"
+ NOTE: Reproducible in experimental (0.26-1).
CVE-2017-12956 (There is an illegal address access in
Exiv2::FileIo::path[abi:cxx11]() ...)
- exiv2 <unfixed>
NOTE: https://github.com/Exiv2/exiv2/issues/59
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482296
+ NOTE: Not reproducible in wheezy/jessie/stretch/sid(0.25-3.1) => "The
file contains data of an unknown image type"
+ NOTE: Reproducible in experimental (0.26-1).
CVE-2017-12955 (There is a heap-based buffer overflow in basicio.cpp of Exiv2
0.26. The ...)
- exiv2 <unfixed>
NOTE: https://github.com/Exiv2/exiv2/issues/58
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482295
+ NOTE: Not reproducible in wheezy/jessie/stretch/sid(0.25-3.1) => "The
memory contains data of an unknown image type"
+ NOTE: Reproducible in experimental (0.26-1).
CVE-2017-12954 (The gig::Region::GetSampleFromWavePool function in gig.cpp in
libgig ...)
- libgig <unfixed> (low; bug #873718)
[stretch] - libgig <no-dsa> (Minor issue)
@@ -7885,6 +7891,8 @@
NOTE: http://dev.exiv2.org/issues/1307
NOTE: https://github.com/Exiv2/exiv2/issues/57
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1475124
+ NOTE: Not reproducible in wheezy/jessie/stretch/sid(0.25-3.1).
+ NOTE: Reproducible in experimental(0.26-1).
CVE-2017-11682 (Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0
allows ...)
NOT-FOR-US: Hashtopussy
CVE-2017-11681 (Incorrect Access Control vulnerability in Hashtopussy 0.4.0
allows ...)
@@ -8232,12 +8240,15 @@
[jessie] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/56
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473889
+ NOTE: Not reproducible in wheezy/jessie/stretch/sid(0.25-3.1).
+ NOTE: Reproducible in experimental with version 0.26-1.
CVE-2017-11591 (There is a Floating point exception in the Exiv2::ValueType
function in ...)
- exiv2 <unfixed> (low)
[stretch] - exiv2 <no-dsa> (Minor issue)
[jessie] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/55
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473888
+ NOTE: Reproducible in
wheezy/jessie/stretch/sid(0.25-3.1)/experimental(0.26-1).
CVE-2017-11590 (There is a NULL pointer dereference in the caseless_hash
function in ...)
{DLA-1054-1}
- libgxps 0.3.0-1 (low; bug #870183)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
