Author: hertzog Date: 2017-09-19 09:50:10 +0000 (Tue, 19 Sep 2017) New Revision: 55898
Modified: data/CVE/list Log: Add results of reproducibility tests of exiv2 CVE Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-09-19 09:41:02 UTC (rev 55897) +++ data/CVE/list 2017-09-19 09:50:10 UTC (rev 55898) @@ -4131,14 +4131,20 @@ - exiv2 <unfixed> NOTE: https://github.com/Exiv2/exiv2/issues/60 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482423 + NOTE: Not reproducible in wheezy/jessie/stretch/sid(0.25-3.1) => "The file contains data of an unknown image type" + NOTE: Reproducible in experimental (0.26-1). CVE-2017-12956 (There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() ...) - exiv2 <unfixed> NOTE: https://github.com/Exiv2/exiv2/issues/59 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482296 + NOTE: Not reproducible in wheezy/jessie/stretch/sid(0.25-3.1) => "The file contains data of an unknown image type" + NOTE: Reproducible in experimental (0.26-1). CVE-2017-12955 (There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The ...) - exiv2 <unfixed> NOTE: https://github.com/Exiv2/exiv2/issues/58 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482295 + NOTE: Not reproducible in wheezy/jessie/stretch/sid(0.25-3.1) => "The memory contains data of an unknown image type" + NOTE: Reproducible in experimental (0.26-1). CVE-2017-12954 (The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig ...) - libgig <unfixed> (low; bug #873718) [stretch] - libgig <no-dsa> (Minor issue) @@ -7885,6 +7891,8 @@ NOTE: http://dev.exiv2.org/issues/1307 NOTE: https://github.com/Exiv2/exiv2/issues/57 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1475124 + NOTE: Not reproducible in wheezy/jessie/stretch/sid(0.25-3.1). + NOTE: Reproducible in experimental(0.26-1). CVE-2017-11682 (Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 allows ...) NOT-FOR-US: Hashtopussy CVE-2017-11681 (Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows ...) @@ -8232,12 +8240,15 @@ [jessie] - exiv2 <no-dsa> (Minor issue) NOTE: https://github.com/Exiv2/exiv2/issues/56 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473889 + NOTE: Not reproducible in wheezy/jessie/stretch/sid(0.25-3.1). + NOTE: Reproducible in experimental with version 0.26-1. CVE-2017-11591 (There is a Floating point exception in the Exiv2::ValueType function in ...) - exiv2 <unfixed> (low) [stretch] - exiv2 <no-dsa> (Minor issue) [jessie] - exiv2 <no-dsa> (Minor issue) NOTE: https://github.com/Exiv2/exiv2/issues/55 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473888 + NOTE: Reproducible in wheezy/jessie/stretch/sid(0.25-3.1)/experimental(0.26-1). CVE-2017-11590 (There is a NULL pointer dereference in the caseless_hash function in ...) {DLA-1054-1} - libgxps 0.3.0-1 (low; bug #870183) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits